In most states, patients recording doctor visits do not need express permission to record. (See exceptions in next question.)
However, regardless of where you live, we recommend recording clinical conversations only after letting others know you’re recording, as a way to build trust and encourage clear communication. Some patients work together with their clinicians to record specific parts of a conversation, like follow-up instructions.
Data is always transmitted via secure channels. For example, when you use Abridge to record a doctor’s visit, your data is encrypted in transit and at rest using the industry best practice encryption standards (e.g. S/MIME, X.509 certificates, TLS) to safeguard your information.
Specifically, data stored is encrypted at the storage level using AES-256. These data encryption keys are stored with the data, encrypted with (“wrapped” by) key encryption keys that are exclusively stored and used inside a secured Key Management Service. AppArmor (a Linux Security Module) security policies are applied to all the containers running the machine learning services. Data is protected as it travels over the internet during read and write operations using HTTPS. We use HIPAA Compliant products and services for data storage and processing.
After you finish recording your doctor patient conversation, your audio is run through our machine learning algorithms which create a transcript of meaningful moments. That, as well as any additional information you choose to upload to your account, is securely stored on our servers.
In addition to using state-of-the-art security systems, we also have strict internal access-control policies to prevent privacy violations.
When you use the Abridge app to record doctor visits, you’re in control of your data. To us, delete means delete, and we’ll remove all traces of your information from our servers. We promise to never share any information without your prior consent.
HIPAA stands for The Health Portability and Accountability Act. It’s a federal set of laws that’s all about helping you access your own data from healthcare providers and insurance companies and keep it private. We think it’s awesome!
These days, it’s common to give HIPAA s*** for blocking access to your own health records. But, that’s the exact opposite of what HIPAA is intended to do! We believe that people who think HIPAA is a hurdle are probably doing it all wrong.
So how does HIPAA apply to Abridge? As a tool intended to help patients collect their own health information (versus helping providers or insurers document your info for their own use), Abridge doesn’t fall under HIPAA regulation.
But even though we’re not subject to HIPAA regulations, we still take inspiration from it. For example, HIPAA provides certain stipulations around data security. Our ambition is to hold ourselves to an even higher standard around data security and privacy than HIPAA requirements, so we can be responsible stewards of your doctor and patient conversations, and other valuable health information.
The evidence so far shows that patients want to record their doctor appointment conversations because they value your advice and want to hear it again, and share it with others that are important in their lives (Elwyn, Barr, and Grande 2015).
Our co-founder & CEO, Dr. Rao, has been recommending that his patients record health conversations for the last couple of years.
Patients who want to use the recording for legal purposes would probably not be asking for permission to record. 🙂
Yes, patients have a legal right to record. In fact, they do not need permission to record doctor visits in most states in the U.S. Laws will vary based on country. To find out more, read (Elwyn, Barr, and Castaldo 2017).
Yes, there are an increasing number of healthcare organizations that encourage patients to record doctor visits. In fact, Abridge has been recommended by doctors, nurses, and administrators at UPMC for the last year.