Security and data handling, in plain language

NoteyDoc is built for real clinical documentation, so protecting the information that passes through it is the core of the product, not an afterthought. Here is exactly how it works.

NoteyDoc never records patients or sessions

NoteyDoc works from a short treatment summary that the therapist types. There is no microphone access, no ambient listening, and no session audio, ever. Nothing is captured from the visit itself.

PHI is screened before anything is processed

NoteyDoc uses a multi-layer screening pipeline that checks every summary for protected health information such as names, dates of birth, addresses, and identifiers before the note is created. If PHI is detected, the request is blocked and the therapist is asked to remove it and use neutral terms like Pt or Client instead. Notes are written without patient identifiers by design.

Encrypted in transit and at rest

All data sent to and from NoteyDoc is encrypted in transit, and stored data is encrypted at rest.

A Business Associate Agreement is available

For practices and agencies whose compliance policies require one, NoteyDoc offers a Business Associate Agreement. Contact support to request a BAA for your organization.

You stay in control of every note

NoteyDoc drafts the note. The therapist reviews it, edits it, and decides what goes into the chart. NoteyDoc never writes to your EHR automatically and never submits anything on your behalf.

Questions

If you have a security question we have not answered here, or your agency has a vendor review process, reach out through the Support page and we will respond directly.