Compliance & Security

Psychiatric documentation demands the highest standards of data privacy. Here's exactly how we protect your patients' information.

HIPAA Compliant

Full compliance with the Health Insurance Portability and Accountability Act. Administrative, physical, and technical safeguards implemented across all systems.

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • Access controls and audit logging
  • Regular security assessments

42 CFR Part 2 Compliant

Federal regulation governing the confidentiality of substance use disorder patient records. Psynopsis maintains strict separation between psychotherapy notes and progress notes.

  • Psychotherapy note separation
  • Substance use record protections
  • Consent-based disclosure controls
  • Audit trail for all access

Audio Never Stored

Audio is processed in real-time for transcription and immediately discarded. No audio recordings are ever stored on our servers or used for model training.

  • Real-time processing only
  • Immediate deletion after transcription
  • Never used for AI training
  • Verified by architecture audit

NPI Verification

Only licensed healthcare providers with valid National Provider Identifiers can access Psynopsis. Verified against the NPPES database.

  • NPPES database verification
  • Provider-only access
  • Credential validation
  • Professional community integrity

Data Handling Summary

Transparent answers to the questions your compliance officer will ask.

Data encryption: AES-256 at rest, TLS 1.3 in transit
Data residency: United States (HIPAA-compliant cloud)
Audio storage: None — processed in real-time, never stored
Data retention: User-controlled — export or delete anytime
Data training: Patient data never used to train AI models
Access controls: Role-based with complete audit trail
Incident response: Documented breach notification process
Business Associate Agreement: Available for all paid plans

Business Associate Agreement

BAA is included with all paid plans. Need a copy for review before subscribing? We'll send one within one business day.

Most competitors require a demo call before sharing a BAA. We'll email you one directly.

Security & Compliance FAQ

Can I get a BAA before starting a paid plan?
Yes. We can provide a BAA for review prior to subscription. Contact us at compliance@psynopsis.ai and we'll send a copy within one business day.

Where is patient data stored?
All data is stored on HIPAA-compliant cloud infrastructure within the United States. We use enterprise-grade hosting with AES-256 encryption at rest and TLS 1.3 encryption in transit.

Is audio from patient sessions recorded or stored?
No. Audio is processed in real-time for transcription and immediately discarded. No audio is ever stored on our servers, backed up, or used for any purpose beyond generating the transcription. If you use post-session dictation mode, no patient audio is involved at all.

How does Psynopsis handle psychotherapy notes vs progress notes?
In compliance with 42 CFR Part 2 and HIPAA, Psynopsis maintains strict separation between psychotherapy notes and progress notes. The platform's documentation workflows are designed to keep these records distinct, with appropriate access controls for each type.

Can I export or delete my data?
Yes. You retain full ownership of all documentation created on Psynopsis. Data can be exported at any time in standard formats. Upon request, we will permanently delete all your data from our systems, with written confirmation.

Stop Spending Evenings on Notes

Psychiatric documentation that understands your workflow. MSE, medication changes, SI/HI — documented correctly while you focus on your patients.
