HIPAA Compliance

Last Updated: March 2026

Scribient is committed to maintaining the highest standards of privacy and security for protected health information (PHI). This page outlines our HIPAA compliance program and the measures we take to safeguard patient data.

Our Commitment to HIPAA

Scribient operates as a Business Associate under HIPAA regulations. We maintain comprehensive policies, procedures, and technical controls to ensure the confidentiality, integrity, and availability of PHI.

Administrative Safeguards

Policies and Procedures

  • Comprehensive privacy and security policies
  • Regular policy review and updates
  • Documented incident response procedures
  • Workforce training requirements

Workforce Security

  • Background checks for all employees
  • Role-based access controls
  • Termination procedures for departing employees
  • Regular security awareness training

Risk Management

  • Annual risk assessments
  • Vulnerability management program
  • Third-party security audits
  • Continuous monitoring and improvement

Physical Safeguards

Facility Security

  • SOC 2 Type II certified data centers
  • Physical access controls
  • Environmental protections
  • Disposal procedures for media

Workstation Security

  • Endpoint protection requirements
  • Secure remote work policies
  • Automatic screen locks
  • Device encryption requirements

Technical Safeguards

Access Controls

  • Unique user identification
  • Multi-factor authentication available
  • Automatic session timeout
  • Audit logging of all access

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted backups
  • Secure key management

Integrity Controls

  • Data validation checks
  • Change detection mechanisms
  • Audit trails for all modifications
  • Regular integrity verification

Transmission Security

  • Secure API endpoints
  • Certificate management
  • Network segmentation
  • Intrusion detection systems

Business Associate Agreements

Scribient executes Business Associate Agreements (BAAs) with all covered entities. Our BAA includes:

  • Permitted uses and disclosures of PHI
  • Safeguard requirements
  • Breach notification obligations
  • Subcontractor requirements
  • Termination provisions

To request a BAA, contact us at legal@scribient.ai.

Breach Notification

In the unlikely event of a security breach, Scribient follows strict notification procedures:

1. **Discovery**: Immediate investigation upon detection
2. **Assessment**: Determination of scope and impact
3. **Notification**: Timely notification to affected parties
4. **Mitigation**: Immediate steps to contain and remediate
5. **Documentation**: Complete incident documentation

Compliance Certifications

  • SOC 2 Type II certified
  • Annual third-party security audits
  • Regular penetration testing
  • Continuous vulnerability scanning

Your Responsibilities

As a covered entity using Scribient, you should:

  • Execute a BAA with Scribient before processing PHI
  • Configure appropriate access controls for your users
  • Train your staff on proper use of the platform
  • Report any suspected security incidents promptly
  • Maintain your own HIPAA compliance program

Questions?

For questions about our HIPAA compliance program:

**Email**: compliance@scribient.ai

**Phone**: 1-800-SCRIBIENT

For urgent security concerns:

**Email**: security@scribient.ai