Soap AI Privacy & Security

Establishing and maintaining trust between healthcare clinicians and patients is the highest priority at Soap AI. We commit and hold ourselves accountable to HIPAA-compliant procedures for data storage and processing for all data collected and shared through our application.


_________________________________________________________________________________________________________________________________________________


Internal Staff Security Measures
All employees must:
  • Undergo thorough background screenings prior to employment.
  • Participate in yearly training focused on security awareness, HIPAA compliance, privacy policies, and information categorization.
Compliance
  • Soap AI consistently conducts risk evaluations to ensure that our policies are current and pertinent.
  • Our executive team bear the responsibility for overseeing Privacy and Security matters.
Secure Software Development Process
  • We meticulously review all software updates to guarantee compliance.
  • Soap AI adopts an infrastructure-as-code approach, subjecting all infrastructure alterations to rigorous scrutiny prior to implementation.Our engineering team is trained in secure software development methodologies.
Cloud Hosting and Data Accessibility
  • We utilize technology providers like Google Cloud Platform's secure data centers for our hosting services, ensuring that data storage and processing are secure.
  • A HIPAA Business Associate Agreement is in place between Soap AI (First Draft AI LL) and Google. We utilize Google Cloud's robust infrastructure to guarantee constant data accessibility.
  • All stored and transmitted data is encrypted using industry-standard encryption protocols.
Vendor Oversight
  • All vendors engaged in processing patient information must comply with HIPAA standards and sign Business Associate Agreements (BAAs) with Soap AI. We frequently assess the security measures of our vendors to maintain high standards.
Artificial Intelligence Applications
  • Our AI models are fully compliant with HIPAA and do not retain data.We never use protected health information for training AI models.
Patient Data Protection
  • Patient data is stripped of PHI, anonymized and encrypted both in storage and during transmission.
  • Patient recordings are not saved to disk; they are instantly removed after successful soap note creation.
  • All patient data is stripped of PHI, anonymized and kept for a backup duration of 30 days, after which it is systematically deleted.


Soap AI Privacy & Security



Establishing and maintaining trust between healthcare clinicians and patients is the highest priority at Soap AI. We commit and hold ourselves accountable to HIPAA-compliant procedures for data storage and processing for all data collected and shared through our application.


__________________________________________________

Internal Staff Security Measures
All employees at Soap AI must:
  • Undergo thorough background screenings prior to employment.
  • Participate in yearly training focused on security awareness, HIPAA compliance, privacy policies, and information categorization.
Compliance
  • Soap AI consistently conducts risk evaluations to ensure that our policies are current and pertinent.
  • Our executive team bear the responsibility for overseeing Privacy and Security matters.
Secure Software Development Process
  • We meticulously review all software updates to guarantee compliance.
  • Soap AI adopts an infrastructure-as-code approach, subjecting all infrastructure alterations to rigorous scrutiny prior to implementation.Our engineering team is trained in secure software development methodologies.
Cloud Hosting and Data Accessibility
  • We utilize technology providers like Google Cloud Platform's secure data centers for our hosting services, ensuring that data storage and processing are secure.
  • We utilize Google Cloud Platform's robust infrastructure to guarantee constant data accessibility.
Data Confidentiality and Encryption
  • All stored and transmitted data is encrypted using industry-standard encryption protocols.
Vendor Oversight
  • All vendors engaged in processing patient information must comply with HIPAA standards and sign Business Associate Agreements (BAAs) with Soap AI. We frequently assess the security measures of our vendors to maintain high standards.
Artificial Intelligence Applications
  • Our AI models are fully compliant with HIPAA and do not retain data.We never use protected health information for training AI models.
Patient Data Protection
  • Patient data is encrypted both in storage and during transmission.
  • Patient recordings are not saved to disk; they are instantly removed after successful soap note creation.
  • All patient data is kept for a backup duration of 30 days, post which it is systematically deleted.