Security & compliance
MediScribe Flow is a clinical documentation workflow platform designed to support HIPAA-aligned workflows for hospice, home health, and other field-based clinical teams. Security and privacy are foundational to how the product is built — from capture in the field through secure delivery. This page summarizes our approach. We're glad to provide more detail and a Business Associate Agreement (BAA) for your organization.
Our principles
- Practitioner-controlled review. Documentation is reviewed and approved by a practitioner before it is finalized or delivered. Nothing is sent automatically without review.
- Clinical responsibility stays with the practitioner. MediScribe Flow provides documentation workflow support and review assistance — including OASIS-E2-oriented review where configured. The practitioner remains responsible for clinical judgment, review, and final documentation, and OASIS assessments are not submitted automatically.
- Minimum necessary. Patient information is handled with a minimum-necessary approach throughout the workflow. Examples shown on our marketing site use sample data only.
- Defense in depth. We combine encryption, access controls, authentication, and audit logging rather than relying on any single safeguard.
Data protection
- Encryption in transit. Information is transmitted over encrypted connections (TLS).
- Encryption at rest. Stored information is encrypted at rest in our cloud infrastructure.
- On-device protection. When the mobile app is offline, voice recordings are stored locally in encrypted form and removed once they have been uploaded for processing.
Access & authentication
- Standards-based authentication. Sign-in uses industry-standard OAuth 2.0 flows with PKCE; we do not store passwords.
- Role-based access. Administrators govern which templates and customers are available and who can receive documents.
- Recipient controls. Delivery is controlled, with recipient access managed by your organization.
Oversight & accountability
- Audit logging. Key actions are logged to support operational oversight and accountability.
- Administrator governance. Organizations manage templates, access, and recipients centrally.
HIPAA & Business Associate Agreements
MediScribe Flow is designed to support HIPAA-aligned documentation workflows. If your organization operates as a HIPAA-covered entity or business associate, we provide a Business Associate Agreement (BAA). Please contact us at support@mediscribeflow.com to put a BAA in place before using the Service with protected health information (PHI).
As described in our Privacy Policy, customers remain responsible for ensuring their use of the Service complies with HIPAA, applicable state privacy laws, and their organization's policies.
Data retention & deletion
Voice recordings are deleted from our servers promptly after processing is complete. You can delete all data stored locally on a device at any time from the app, and you can request deletion of your account and associated data by emailing support@mediscribeflow.com. See our Privacy Policy and Account Deletion page for details.
Reporting a security concern
If you believe you have found a security vulnerability or have a security question, please contact us at support@mediscribeflow.com with the subject "Security inquiry." We take reports seriously and will respond promptly.