Privacy and security

Mindy prioritizes security, transparency and clinician autonomy above all

Full HIPAA compliance

Our system is regularly audited to meet HIPAA standards. Every step of the workflow is encrypted and secure, protected by signed Business Associate Agreements.

Only vetted healthcare tools

We only use trusted tools with a proven track record of suitability for healthcare applications. All third-party data processing is performed under strict no-sharing policies.

Complete clinician control

You retain complete ownership of your data, with easy on-demand deletion. Your activity and information are never shared, sold, or used to train third-party AI models.

Mindy's data handling process

See how Mindy keeps your data safe every step of the way.

1. Scribe invitation & recording

Invite Mindy to a session and audio is securely captured via your HIPAA-compliant telehealth platform. Audio is temporarily stored in encrypted, ISO-certified AWS S3 storage—the same technology trusted by the CDC and major healthcare systems.

2. HIPAA-compliant processing

Patient identifiers are removed from the audio before processing. Audio and session metadata remain securely stored in AWS and accessible only to the Mindfuldocs.ai Quality Assurance (QA) manager for necessary quality control.

3. Secure note generation

Notes are securely generated using industry-standard large language models protected under strict BAAs (such as OpenAI’s ChatGPT and Google’s Gemini). Importantly, your data remains private and is never utilized to train third-party AI models.

4. Clinician-controlled notes

Notes generated by Mindy are securely saved directly to your private Google Drive folder within a HIPAA-compliant Google Workspace environment. Only you can access, review, edit, or integrate them into the EMR.

5. Audio permanently deleted

Session audio recordings are securely stored temporarily for quality control purposes and then permanently deleted. You may request immediate deletion of audio recordings, transcripts, and notes at any time.

Security FAQs

Can't see the answer to your question? Please get in touch.

We recommend seeking verbal and/or written consent from the patient to use an AI scribe each time you use Mindy in a session.

Yes. Our system is regularly audited to meet HIPAA 2025 standards. All third-party tools and tech partners utilized by Mindy are also HIPAA compliant, ensuring robust end-to-end data security.

Mindfuldocs.ai will only access your data for quality improvement or troubleshooting purposes. We have stringent access controls in place to ensure authorized staff have access only to the minimum amount of customer data required to fulfil their roles.

Large language models (LLMs; the technology behind Mindy) are capable of independent learning. However, we don’t believe that’s appropriate for healthcare settings. To continuously improve Mindy, we undertake a controlled process utilizing de-identified data from customer feedback, error-reporting, and guidance from clinical and technical experts.

At this stage Mindy is only available to US-based healthcare professionals, so we have not explored international compliance.


The brainchild of Thomas Yang, M.D., practicing psychiatrist, the mission of Mindfuldocs.ai is to reduce clinician burnout, enhance provider satisfaction, and grow a thoughtful, practitioner-centred community committed to ongoing well-being.
