Compliance
HIPAA Compliance
PIPEDA Compliance
Security
Legal
Controls
Audited Document List
Anthropic BAA
Azure Canada Privacy Laws
Azure Foundational PIA
Microsoft Data Processing
HIPAA Questionnaire – Dashboard Summary
Azure Compliance Offerings
Azure BAA
Privacy Policy Scribeberry
Scribeberry Notice of Privacy Policies
Comprehensive Scribeberry Guide (PIA)
Scribeberry PIA Amendment
Scribeberry Contingency Plan
Scribeberry HIPAA Sanctions Plan
HIPAA Compliance Program for Scribeberry
Terms and Conditions for Scribeberry
About the Auditor
The audit was conducted by Ingrid Ruys, a seasoned professional with extensive experience spanning multiple decades in the privacy and regulatory sector. Ingrid Ruys is renowned for her proficiency in conducting a multitude of privacy impact assessments. Her notable expertise is drawn from her distinguished work in privacy-related roles at esteemed organizations such as the Alberta Medical Association, Brightsquid, and the City of Edmonton, among others.
FAQs
Where is data stored?
Scribeberry does not see any stored PHI. We utilize Microsoft Azure as our cloud provider. We have a BAA with Microsoft Azure to safeguard any PHI transmitted through the application. This PHI is transmitted from the user to Azure and back securely via end-to-end encryption. The data is only temporarily stored on Scribeberry in an encrypted fashion. The only purpose of this storage is to synchronize notes across user devices. Once the notes are deleted by the user, no encrypted data is stored
Azure servers are region specific. When a Canadian user logs-in, that data stays in Canada. When a user from the USA logs in, data is able to be routed to USA based servers
How do you use data?
Scribeberry does not permanently store PHI. We can not see the PHI nor do we train any AI systems on any PHI. Data inputs remains private and confidential.
When text is created, the text is submitted through an encrypted channel to Azure and back to the user device. We can never see this data.
Is data encrypted?
Yes – we utilize state-of-the-art encryption methods to ensure secure transit of sensitive data to and from the AI service
Are there stored audio recordings?
We do not store nor create audio recordings of any kind. Transcription occurs using our own self-hosted encrypted transcription service. Transcription occurs in real-time. The transcribed text is then utilized to generate notes across various use cases. No distinct audio files are created or stored. This ensures compliance and removal of any identifying characteristics (accents, language etc.)
Are you compliant across Canada (ie. Provincially)
Yes, Scribeberry is compliant across all Canadian Provinces. We have submitted a PIA (Privacy Impact Assessment) and have completed an audit on our security risk and data management policies
Who are your third-party providers?
We utilize a number of third-parties. We utilize Microsoft, Anthropic, and Google as main infrastructure providers. We have a healthcare data agreement with all three providers.
Can we Access Further Documentation?
Documentation is provided on the left hand side. For any other questions, please email hello@scribeberry.com