We safeguard your data with industry-leading security measures. Our platform is fully compliant with HIPAA regulations. Here are some specific details:

• Data is fully encrypted in transit and at rest.
• All of the data that is captured is stored in US-based data centers managed by Google Cloud. We have a BAA with them to ensure we are aligned in terms of expectations of data security/privacy.
• You can request your data be deleted at any time.
• We have role-based access controls and auditing in place to tightly control access to the data.
• Our entire team goes through HIPAA awareness training. On top of that our engineering team goes through HIPAA security training.
• We also built features like privacy mode that will mask UI elements like patient names and dates of birth in case you are using Eluve in an area where others may be looking over your shoulder.

Frequently Asked Questions

Q: What type of data do you collect and store?

Depending on how you’ve setup Eluve and what you’ve configured it to sync with, we store information like patient names, audio files of conversations, transcripts of conversation, AI drafts of medical notes, and the edits you make to those notes.

Q: Where are you storing PHI?

We have several different data centers. For customers in North America, we store all data in Google Cloud (gcp) in the United States. For enterprise customers and partners, we can set up dedicated infrastructure in a region that suits your needs.

Q: What is data used for? And how long is the information stored?

The data we capture about a patient will be used to improve artifacts (e.g. medical notes, care plans, home exercise plans, differential diagnoses, etc) for that patient. The data we capture about you will be used to tailor your experience (e.g. to learn your preferences and make draft AI notes better over time). The usage of the platform/bug reports/feedback channels will all be used to improve the quality of the service.

We securely store patient information indefinitely. You may request its deletion at any time: Contact Us .

Q: What are your safety protocols?

A few highlights:

• We conduct regular risk analyses to identify vulnerabilities in how PHI is created, received, stored, or transmitted.
• We develop, document, and enforce HIPAA-compliant policies. Update them regularly to adapt to new threats or changes in regulations.
• We train all workforce members on HIPAA regulations and your organization’s specific privacy and security policies.