Privacy Policy

Effective Date: September 6, 2025

Medical Information Privacy & HIPAA Compliance

GOATnote is committed to protecting your medical information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy regulations. This Privacy Policy describes how medical information is collected, used, disclosed, and safeguarded when our AI-powered clinical decision support systems are utilized.

Information Collection and Processing

Medical conversations are recorded and transcribed using artificial intelligence technology for clinical documentation purposes. Voice data is processed in real time to generate structured medical notes that may be integrated into electronic health record (EHR) systems. All audio processing is performed using HIPAA-compliant infrastructure with end-to-end encryption.

Data Security and Encryption

Patient data is protected using AES-256 encryption both in transit and at rest. Access to medical information is restricted through role-based access controls, multi-factor authentication, and comprehensive audit logging. All systems undergo regular security assessments and vulnerability testing to maintain the highest standards of data protection.

AI Processing and Clinical Decision Support

Artificial intelligence models, including GPT-5 technology, are employed to analyze medical conversations and generate clinical documentation. These AI systems are configured with medical-specific parameters and undergo continuous monitoring for accuracy and bias. All AI-generated content is clearly identified and requires clinical validation before integration into patient records.

Data Retention and Disposal

Voice recordings are automatically purged from systems within 30 days unless explicitly saved for clinical purposes. Medical notes and transcripts are retained according to applicable medical record retention requirements. Secure deletion procedures are employed to ensure complete data removal when retention periods expire.

Patient Rights and Access

Patients have the right to access, correct, or request deletion of their medical information processed through our systems. Recording sessions may be terminated at any time upon patient request. Patients may also request copies of AI-generated clinical notes and audit logs related to their medical information processing.

Third-Party Integrations

Medical information may be shared with authorized EHR systems and healthcare providers as necessary for patient care. All third-party integrations are governed by Business Associate Agreements (BAAs) and undergo security assessments to ensure HIPAA compliance. No medical information is shared for marketing or non-clinical purposes without explicit patient consent.

Contact Information

For questions regarding this Privacy Policy or to exercise your privacy rights, please contact our Privacy Officer at privacy@goatnote.com or through the contact information provided in our Terms of Service.

This Privacy Policy may be updated periodically to reflect changes in our practices or applicable regulations. Patients will be notified of material changes through appropriate channels.