Skip to content
Back to home

HIPAA

HIPAA compliance overview

AI MedPad is positioned for clinical documentation workflows that may include protected health information. Covered entities should complete their own vendor review before production use.

PHI-aware workflows

AI MedPad should be configured so protected health information is handled only by authorized users, approved workspaces, and customer-approved systems. Clinics should define who can record visits, review drafts, export documents, and manage administrative settings.

  • Restrict workspace access to authorized clinical and administrative users.
  • Review generated notes before they become part of the medical record.
  • Avoid entering PHI into unsupported channels outside approved workflows.

Business associate review

Covered entities should request the current business associate agreement and security documentation before production use. The review should confirm permitted uses of PHI, safeguards, breach notification obligations, subcontractor handling, and termination/deletion procedures.

Clinician review

Generated documentation should remain reviewable and editable before it becomes part of the medical record. AI MedPad does not replace clinical judgment, diagnosis, treatment decisions, or prescription responsibility.

Customer responsibilities

Each clinic remains responsible for HIPAA policies, workforce training, minimum necessary access, EHR configuration, patient consent workflows where applicable, and final approval of clinical documentation.