HIPAA Compliance Overview
SOAP Note Buddy was built for HIPAA compliance from the ground up. Every layer of the system is designed to protect patient information while giving you powerful AI-assisted documentation tools.
Infrastructure
All AI processing runs on Google Cloud infrastructure covered by a HIPAA Business Associate Agreement (BAA). This means Google is contractually obligated to handle data in compliance with HIPAA requirements.
Automatic PHI Scrubbing
Before any data leaves your device, Protected Health Information is stripped out by pattern-based detection: text that matches the shape of a known identifier is replaced before the request is sent. Patient names, ages, contact information, Social Security numbers, medical record numbers, addresses, and dates are removed in this way, so the AI service receives only the scrubbed text. Because detection works by matching patterns, an identifier written in an unexpected form (a date spelled out in words, a name the scrubber does not recognize) can survive scrubbing, so check what you submit rather than relying on the scrubber alone.
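To make the pattern-based approach concrete, here is an added example in JavaScript (the extension runs in the browser). It is not SOAP Note Buddy's own code, whose patterns this page does not publish; the pattern set, the placeholder labels, the knownNames parameter and the sample note are all assumptions made for illustration.

```javascript
// Added example, not SOAP Note Buddy's code: a pattern-based PHI scrubber of the
// kind described above. Pattern set, placeholder labels and the sample note are
// assumptions made for illustration.

// Ordered list: narrow identifiers (SSN, MRN) run before broader ones (PHONE)
// so a wide pattern never consumes part of a narrower one.
const PHI_PATTERNS = [
  // Social Security numbers: 123-45-6789 or 123 45 6789
  { label: 'SSN', re: /\b\d{3}[- ]\d{2}[- ]\d{4}\b/g },
  // Medical record numbers written as "MRN 12345678", "MRN: 12345678", "MRN#12345678"
  { label: 'MRN', re: /\bMRN\s*[:#]?\s*\d{6,10}\b/gi },
  // E-mail addresses
  { label: 'EMAIL', re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  // North American phone numbers: (555) 123-4567, 555-123-4567, +1 555.123.4567
  { label: 'PHONE', re: /(?<!\w)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b/g },
  // Numeric dates: 03/14/1979, 3-14-79, 2024-05-01
  { label: 'DATE', re: /\b(?:\d{1,2}[\/-]\d{1,2}[\/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b/g },
  // Ages: "45-year-old", "45 year old", "age 45", "aged 45"
  { label: 'AGE', re: /\b(?:\d{1,3}[- ]year[- ]old|aged?\s+\d{1,3})\b/gi },
  // Street addresses: house number, one to three capitalised words, a street suffix
  { label: 'ADDRESS', re: /\b\d{1,6}\s+(?:[A-Z][a-z]+\s+){1,3}(?:St|Street|Ave|Avenue|Rd|Road|Blvd|Dr|Drive|Ln|Lane)\b/g },
];

// Escape a literal string so it can be embedded in a RegExp.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Replace each PHI match with a bracketed placeholder. Names have no reliable
// "shape", so they are matched only from the caller-supplied knownNames list
// (an assumption of this example). Returns the scrubbed text and a per-label
// count of replacements so the caller can log what was removed.
function scrubPHI(text, knownNames = []) {
  const counts = {};
  const record = (label) => {
    counts[label] = (counts[label] || 0) + 1;
    return `[${label}]`;
  };
  let out = text;
  for (const name of knownNames) {
    out = out.replace(new RegExp(`\\b${escapeRegExp(name)}\\b`, 'gi'), () => record('NAME'));
  }
  for (const { label, re } of PHI_PATTERNS) {
    out = out.replace(re, () => record(label));
  }
  return { text: out, counts };
}

// Constructed sample note with fictional patient data, used to exercise the scrubber.
const SAMPLE_NOTE =
  'Pt John Smith, 45-year-old male, MRN 12345678, DOB 03/14/1979, seen 2024-05-01. ' +
  'Phone (555) 123-4567, email john.smith@example.com, lives at 42 Oak Street. ' +
  'SSN 123-45-6789. Complains of chest pain.';

// Without a name list the structured identifiers are removed but "John Smith" survives.
console.log(scrubPHI(SAMPLE_NOTE).text);
// With the name supplied it is replaced as well.
console.log(scrubPHI(SAMPLE_NOTE, ['John Smith']).text);
```

The second run shows the limit that matters for a practitioner: every structured identifier in the note is caught by shape, but the patient's name is only removed because it was supplied explicitly. A real scrubber would draw that list from the record being documented, and anything that matches none of its patterns (a nickname, a date written as "March 14th") passes through untouched, which is why the scrubbed text still deserves a look before it is sent.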
Technical Safeguards
- All data encrypted in transit using HTTPS/TLS
- All data encrypted at rest in cloud storage
- Authentication required for every API request
- No PHI stored in AI systems — data is processed and discarded
Administrative Safeguards
- BAA in place with Google Cloud
- BAA acceptance required before you can use the extension
- Clear data handling policies documented and available
- Support team trained on HIPAA requirements
Physical Safeguards
- Patient data stored locally in your browser (IndexedDB), so it lives on the device's disk and is readable by anyone who can open that browser profile
- Cloud data hosted in Google data centers covered by SOC 2 audit reports
- Access controls enforced at every level
Your Responsibility
While SOAP Note Buddy provides the technical infrastructure for HIPAA compliance, you are responsible for using it appropriately within your practice. Protect the device the extension runs on with a screen lock and full-disk encryption, since locally stored notes are only as safe as the browser profile that holds them, and always review generated notes before finalizing them in your EMR.
For questions about our HIPAA compliance, contact [email protected].