Heidi compliance lightning FAQs
Have a laser-focussed question on Heidi’s compliance and safety? You can find the answer below. If we’re missing a question, just submit it to support@heidihealth.com and we’ll add it to the list!
1. Is audio recording stored?
No, Heidi does not store audio recordings of patient consultations. The system uses ambient listening technology to transcribe conversations in real time, but the audio itself is not retained.
2. How do you deal with regional conditions and terminology?
Heidi utilises a custom model that is specifically engineered to handle regional dialects and medical terminology variations. This model achieves market-leading word error rates, ensuring accurate transcription regardless of regional differences in medical language. Our clinical governance team continuously monitors and improves the system's performance with local speech patterns and terminology.
3. How do you appropriately represent minorities, including Indigenous and First Nations people?
Heidi's clinical governance team continuously monitors and assesses the system's performance across diverse populations, including minority groups. This ongoing evaluation helps minimise bias and ensures fair representation in the documentation process.
4. How do you handle and store patient consent?
Patient consent is a crucial aspect of using Heidi. Users can configure prompts to seek patient consent before scribing each encounter, and this consent is documented within the system. Heidi provides flexibility in how consent is obtained, allowing clinicians to integrate consent-seeking into their existing workflows, whether through intake forms, verbal agreements, or visual cues in the consultation room, which we provide in our resource centre.
5. Where is your data processed? How does the tool ensure compliance with state and territory laws regarding the recording of conversations? Can you show me a flowchart of data flow for a patient interaction?
Heidi processes data using a combination of localised and, when necessary for performance, offshore services. Compliance with state and territory laws is ensured through pseudonymization, non-retention policies, and the use of compliant local storage solutions. While we don't have a specific flowchart available, Heidi's data flow is designed to prioritize patient privacy and comply with relevant regulations at every step of the process.
6. How long is data retained on Heidi? Can data retention policies within the AI scribe system be customized, and do users have control over storage and deletion?
Heidi offers fully customizable data retention options, allowing users and organizations to set retention periods anywhere between 1 day and "never delete." By default, accounts are set to "never delete" to ensure transcripts, which may be valuable for documentation or evidence of consultations, are not unintentionally lost. However, users can easily adjust these settings within their preferences, and organizations can configure them globally.
Consultations are recorded locally during interactions and securely transmitted for transcription and processing, with robust encryption ensuring privacy throughout. Heidi processes the recordings to create temporary draft records that doctors can use to generate medical notes. The draft records are accessed by doctors within Heidi to review and edit, with options to format them using internationally recognized templates like SOAP or custom layouts. Once finalized and saved into the patient’s official medical record, the temporary records can be deleted from Heidi. These temporary records are akin to shorthand notes and are not intended to form part of the official medical record. Importantly, only the doctor has access to these temporary records, and once deleted, they cannot be recovered by Heidi or any other party.
7. Can you run a version of Heidi without third-party processing?
For enterprise customers, Heidi can be configured to run within siloed AWS and Azure environments, minimising third-party processing. However, this configuration may affect performance and some product functionality. Heidi's standard version uses third-party processors like Kinde or Stripe to provide optimal service while maintaining a strict compliance framework to protect patient privacy.
8. You say you're compliant but prove it. How should you evaluate other vendors' compliance claims? Is there published data on the clinical utility, validity, and safety of the AI scribe?
Heidi takes compliance seriously, having invested in certifications like ISO27001, SOC2 Type 2, and meeting regulations such as HIPAA, GDPR, and the APP. When assessing other vendors, check for these internationally recognized third-party certifications, consult their Trust Centres, and request detailed compliance documentation. For clinical utility, validity, and safety, we’re engaged in ongoing research with several institutions. If you’re interested in exploring studies on Heidi’s impact, reach out—we’re always open to supporting further research on our AI scribe’s benefits in clinical settings.
9. Does my session data get used for model training?
We don't use any of your sensitive health information for model training. We only use your data for the purpose it was collected. For a full list of uses, please refer to our privacy policy.
10. My patients are concerned about the secondary uses of their data. Will it be sold? Will it be used for training?
No, absolutely not! We don’t sell patient data—ever. Our only focus is on helping clinicians ease their administrative headaches.
11. How do you mitigate against technical errors in Heidi such as written mistakes in the output?
To mitigate technical errors, Heidi employs advanced language models and continuously monitors performance. However, clinicians must review and edit all AI-generated documentation before finalising, as they remain responsible for the accuracy of medical records.
12. Can you provide studies or references that demonstrate the effectiveness and safety of the tool in a clinical setting?
While we have conducted numerous case studies demonstrating Heidi's effectiveness, we are currently engaged in formal research at several institutions. We welcome clinicians and researchers interested in studying Heidi's impact on clinical workflows and patient care to contact us for collaboration opportunities at support@heidihealth.com.
13. What features are included to minimise mishearing, incorrect categorisation, or omission of critical clinical information? How does the AI scribe handle accents, dialects, and medical terminology specific to local practice? Has the tool been trained to accurately recognise and transcribe local speech patterns and terms?
Heidi uses a custom model specifically engineered to handle medical terminology and regional dialects. It achieves industry-leading word error rates, ensuring accurate transcription of regional accents and medical terms. The system also employs context-aware processing to minimise incorrect categorization. In addition, LLMs systematically correct for mishearings in the transcript to render high-quality notes. In our rating systems we record fewer than 1 negative rating for every 1000 notes that Heidi creates.
14. Does the tool facilitate easy review and correction of notes by the practitioner before they are entered into the patient health record?
Yes, Heidi is designed with a user-friendly interface that allows practitioners to easily review, edit, and approve all AI-generated notes before they are finalised. This step is crucial in maintaining the accuracy and integrity of patient health records.
15. How does the tool account for clinical information that is not explicitly spoken during the consultation?
While Heidi primarily transcribes spoken information, it's designed to capture context and interpret clinical narratives, including via the context tab or where clinicians dictate physical and observation findings directly to Heidi before or after visits. As Heidi is a listening tool, clinicians need to add any unspoken observations or assessments during their review of the AI-generated notes.
16. How has clinician feedback been incorporated to ensure the tool is fit for use in my specialty area?
Heidi's development is guided by continuous feedback from clinicians across various specialties. We regularly update our models and features based on this input to ensure the tool remains relevant and effective across different medical fields.
17. What is your policy in the event of a data breach? How will you notify users and what support will be provided to manage and mitigate the breach?
In the event of a data breach, Heidi follows a strict incident response protocol in compliance with ISO27001 and SOC2 obligations. Users will be promptly notified via email and in-app notifications. We provide comprehensive support to affected users, including guidance on mitigating potential impacts and assistance with any necessary reporting to regulatory bodies.
18. Does the AI scribe require internet connectivity to function? What happens during network outages, and how is data protected during transmission?
Heidi's mobile app has an on-device offline mode, ensuring functionality during network outages. Data is encrypted at the hardware level on the device, so there's no risk to data security even without internet connectivity. When online, all data transmission is fully encrypted.
19. Are there any known limitations or contraindications for using the AI scribe in certain clinical scenarios? In which situations would you advise against using the tool, and why?
While Heidi is designed for broad clinical use, it may not be suitable for extremely sensitive consultations or in situations where patient consent cannot be obtained. We advise clinicians to use their professional judgment and to always prioritise patient comfort and privacy.
20. How frequently is the AI model updated, and how are updates communicated?
Heidi's AI models are regularly updated to improve performance and address any identified issues. We maintain a Changelog that is constantly updated, and users are notified via email of any significant changes. For enterprise clients, we provide detailed incident response forms and update schedules.
21. What liability protections are in place for errors generated by the AI scribe? Does your company assume any responsibility for inaccuracies, or is that solely on the practitioner?
Heidi is underwritten for all users against technical errors and performance issues. However, clinicians remain responsible for reviewing and approving all AI-generated content before it becomes part of the official medical record. Our terms of service clearly outline the shared responsibilities between Heidi and the practitioner.