Introduction

Clinify (ACN: 662 751 920) provides AI-powered clinical note generation. This page explains how patient data is handled throughout the process — from recording through to deletion.

Data handling

1. Recording and Transcription: Audio from the consultation is encrypted in transit and transcribed to text in real time. Transcription runs on Google Cloud Platform infrastructure. This step is stateless — no audio data is stored at any point.

2. Processing: The transcription is passed directly to our language models to generate clinical notes. The raw transcription is not stored. Generated notes are encrypted and saved to the clinic's selected data residency region.

3. Data Residency: Each clinic selects a data residency region that determines where patient-sensitive data — clinical notes and documents — is stored. Four regions are available: Sydney, London, Frankfurt, and US East. The US East region is HIPAA compliant. Clinics can change their region at any time in settings. See our data residency announcement for details.

4. Configurable Retention: Each clinic sets their own retention period for clinical notes, from 3 to 180 days (default: 3 days). After the configured period, notes are automatically redacted from our servers. Clinics are responsible for exporting notes to their practice management system before expiry.

Encryption

• In-Transit and At-Rest Encryption: All data is encrypted using AES during transmission and at rest.

• Application-Level Encryption: Clinical notes are additionally encrypted at the application level within the database. This means that even in the event of a database compromise, note content remains unreadable.

Infrastructure

We use Google Cloud Platform (GCP) for transcription and Microsoft Azure for additional AI inference. Patient data is stored in the clinic's chosen data residency region. Both providers operate under strict compliance and data protection agreements, including Business Associate Agreements (BAAs) for HIPAA-covered data.

Access Controls

• Clinician-Only Access: Only the treating clinician has access to clinical notes generated by the AI. Clinify staff do not have access to decrypted patient data.

Retention and Deletion

Clinical notes are automatically redacted after the clinic's configured retention period. No patient health data is retained indefinitely. Clinics manage their retention settings directly from their dashboard.

Contact

For questions about our data privacy practices, contact us at privacy@clinify.com.