What We Protect
CoChart.ai processes Protected Health Information (PHI) in the form of patient visit audio recordings and the AI-generated SOAP notes derived from them. Under HIPAA, we operate as a Business Associate when used by covered entities (medical practices, clinics, and individual clinicians).
Every interaction with patient data — from recording to note generation to deletion — is logged, access-controlled, and auditable.
Technical Safeguards HIPAA §164.312
HIPAA Technical Safeguards govern how ePHI is stored, transmitted, and accessed. CoChart.ai implements all required controls:
- ✓Unique User Identification — Each clinician has a unique API key. All actions are attributed to a specific user.
- ✓Automatic Logoff — Sessions automatically time out after 30 minutes of inactivity (HIPAA §164.312(a)(2)(iii)). A 2-minute warning is shown before logoff, with a "Stay Logged In" option. If a recording is in progress, the session is held open until the recording completes.
- ✓Audit Controls — Every access to patient data (generation, view, deletion) is logged to a tamper-resistant audit log with timestamp, user, IP address, and action type.
- ✓Access Control — Every API request is scoped to the authenticated user: clinicians can only read or delete their own patient notes, and ownership is checked server-side on each operation, not just hidden in the UI.
- ✓Encryption in Transit — All data is transmitted over HTTPS/TLS. Audio recordings and SOAP notes are never sent over unencrypted connections.
- ✓Encryption at Rest — Patient data is stored in encrypted PostgreSQL databases (Neon) with AES-256 encryption at the storage layer.
- ✓Data Integrity — SOAP notes are stored with checksums and version tracking. Audit logs are append-only and cannot be modified or deleted.
- ✓Transmission Security — Audio uploads and SOAP notes are sent only over TLS 1.2+ connections to Polsia-operated infrastructure.
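The Automatic Logoff item above describes a policy with one edge case (a recording in progress holds the session open). The following is an added illustration of that policy as a server-side session check; it is example code written for this page, not CoChart.ai's implementation. The class and method names are assumptions, as is the choice to restart the idle clock when a recording completes. The timings (30-minute idle timeout, 2-minute warning) come from the text.

```python
"""Added example: inactivity logoff policy as described on this page.

Illustrative code, not CoChart.ai's own. Class/method names are assumptions.
The check lives on the server so that a client with a disabled timer cannot
keep a session alive past the HIPAA auto-logoff window.
"""
from dataclasses import dataclass

IDLE_TIMEOUT_S = 30 * 60   # auto-logoff after 30 minutes idle (§164.312(a)(2)(iii))
WARNING_LEAD_S = 2 * 60    # show the "Stay Logged In" warning 2 minutes before


@dataclass
class Session:
    user_id: str
    last_activity: float      # seconds (monotonic clock) of the last user action
    recording: bool = False   # an in-progress recording holds the session open
    ended: bool = False

    def touch(self, now: float) -> None:
        """Any authenticated request, or clicking 'Stay Logged In', resets the clock."""
        if not self.ended:
            self.last_activity = now

    def state(self, now: float) -> str:
        """Return 'active', 'warning' or 'expired' for time `now`."""
        if self.ended:
            return "expired"
        if self.recording:
            # Never cut a clinician off mid-visit: the idle clock is suspended.
            return "active"
        idle = now - self.last_activity
        if idle >= IDLE_TIMEOUT_S:
            return "expired"
        if idle >= IDLE_TIMEOUT_S - WARNING_LEAD_S:
            return "warning"
        return "active"

    def stop_recording(self, now: float) -> None:
        """Recording finished; the 30-minute idle window starts again from now (assumption)."""
        self.recording = False
        self.last_activity = now

    def enforce(self, now: float) -> bool:
        """Server-side enforcement on each request. Returns True if the session was ended."""
        if self.state(now) == "expired":
            self.ended = True
        return self.ended
```

The important property is that `enforce` runs on the server for every request: the two-minute warning is a courtesy to the user, but the logoff itself must not depend on a client-side timer that a browser extension or a suspended tab can defeat.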
Physical & Administrative Safeguards
- ✓Hosted Infrastructure — CoChart.ai runs on Render (SOC 2 Type II certified) with Neon PostgreSQL (SOC 2 compliant, encrypted storage).
- ✓Data Center Security — Physical access controls, environmental protections, and redundancy managed by our infrastructure providers.
- ✓Workforce Controls — Access to production systems is restricted to authorized personnel via role-based access controls.
- ✓Incident Response — Security incidents are logged and investigated. Breaches of unsecured PHI are reported without unreasonable delay and no later than 60 calendar days after discovery, as required by the HIPAA Breach Notification Rule (45 CFR §§164.400–414).
- ✓Minimum Necessary — We collect only the data needed to provide the service. Audio is held in memory only while it is being transcribed and is discarded once the note has been generated; it is never written to persistent storage.
- ✓Training & Policies — Internal HIPAA training and policies for all staff with access to ePHI.
Data Handling Summary
| Data Type | How It's Used | Retention | User Control |
|---|---|---|---|
| Audio Recording | Transcribed via Whisper AI, then discarded. Never stored permanently. | In-memory only during processing | N/A — not persisted |
| Transcript | Used to generate SOAP note. Stored encrypted with the note. | Until user deletes the note | ✓ Delete via API or dashboard |
| SOAP Note | Returned to clinician for review and storage in EHR. Stored for note history. | Until user deletes the note | ✓ Delete via API or dashboard |
| Patient Identifier | Optional clinician-provided reference. Never contains the patient's full name in our system. | Until note is deleted | ✓ Scrubbed on deletion |
| Audit Logs | Record of who accessed what, when. Append-only for compliance. | 7 years (exceeds HIPAA's 6-year documentation retention requirement, §164.316(b)(2)) | Admin-visible only (required by law) |
| AI Model Inputs | Processed via Polsia AI proxy with data_collection: deny and Zero Data Retention (ZDR) enabled. No patient data is used for model training. | Never stored by AI providers | Protected at the API level |
Right to Erasure (Patient Deletion Requests)
CoChart.ai supports the right to erasure as required under applicable privacy regulations. When a clinician deletes a note:
- ✓The transcript and all SOAP note fields are immediately scrubbed (overwritten with redaction markers)
- ✓The patient identifier is cleared from the record
- ✓An audit log entry is created recording that the deletion occurred, without retaining the PHI content
- ✓The deletion is irreversible — no backup restoration will restore deleted PHI
Deletion can be performed by the clinician directly via the notes dashboard, or by an administrator on request. All deletions are audited.
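The deletion procedure above, together with the Audit Controls, Access Control and Data Integrity items in the Technical Safeguards list, describes a concrete mechanism: an ownership check, in-place scrubbing of PHI fields, and an append-only audit entry that records the event without the content. The block below is an added example of that mechanism written for this page; it is not CoChart.ai's code. An in-memory dict stands in for the PostgreSQL table, the audit log is a SHA-256 hash chain (the page says "tamper-resistant" and "append-only" but does not say how, so the chain is an assumption), and all names are assumptions. Returning the same error for "note does not exist" and "note belongs to someone else" is a practitioner caveat, not something the page states.

```python
"""Added example: scrub-on-delete with a hash-chained, PHI-free audit log.

Illustrative code, not CoChart.ai's implementation. Names are assumptions.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

REDACTED = "[REDACTED]"
SOAP_FIELDS = ("subjective", "objective", "assessment", "plan")


@dataclass
class Note:
    note_id: str            # opaque id; safe to cite in audit entries
    owner_id: str
    transcript: str
    soap: dict
    patient_ref: Optional[str]
    deleted: bool = False


@dataclass
class AuditLog:
    """Append-only log. Each entry commits to the previous entry's hash, so
    editing, reordering or dropping an entry makes verify() fail."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user_id: str, action: str, note_id: str, ts: str, ip: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"ts": ts, "user": user_id, "ip": ip, "action": action,
                "note_id": note_id, "prev": prev}          # no PHI fields, by construction
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def mentions(self, text: str) -> bool:
        """True if any entry contains `text`; used to prove PHI never reached the log."""
        return text in json.dumps(self.entries)


class NoteStore:
    def __init__(self) -> None:
        self.notes: dict = {}
        self.audit = AuditLog()

    def _authorize(self, caller_id: str, note_id: str, is_admin: bool) -> Note:
        note = self.notes.get(note_id)
        if note is None or (note.owner_id != caller_id and not is_admin):
            # Identical error for "missing" and "not yours": no existence leak.
            raise PermissionError("note not found")
        return note

    def get(self, caller_id: str, note_id: str, ts: str, ip: str) -> Note:
        note = self._authorize(caller_id, note_id, is_admin=False)
        self.audit.append(caller_id, "view", note_id, ts, ip)
        return note

    def delete(self, caller_id: str, note_id: str, ts: str, ip: str,
               is_admin: bool = False) -> Note:
        """Scrub PHI in place (an UPDATE, not a DELETE, in the real table) and audit it."""
        note = self._authorize(caller_id, note_id, is_admin)
        note.transcript = REDACTED
        note.soap = {k: REDACTED for k in SOAP_FIELDS}
        note.patient_ref = None
        note.deleted = True
        self.audit.append(caller_id, "delete", note_id, ts, ip)
        return note
```

Two properties are worth checking in a review of any such implementation: the audit entry is built only from the opaque note id and request metadata, so a log export can never leak the transcript it records the deletion of; and the integrity check is over the whole chain, so a single altered IP address or a dropped entry is detectable.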
AI Processing & Subprocessors
CoChart.ai uses AI models to transcribe audio and generate SOAP notes. Patient data passes through the following subprocessors:
- ✓Polsia AI Proxy — All AI requests route through Polsia's HIPAA-aware proxy. Data collection is disabled (data_collection: deny). Zero Data Retention (ZDR) is enforced — no prompt logging or training on patient data.
- ✓OpenAI (Whisper & GPT-4o-mini) — Used for transcription and note generation via the Polsia proxy under ZDR terms. Subject to a BAA with our infrastructure provider.
- ✓Render & Neon — Infrastructure providers with SOC 2 certifications and encrypted storage at rest.
No patient data is sent to advertising networks, analytics providers, or any third party not listed above.
Ready to Sign a BAA?
If your practice is a HIPAA Covered Entity, we can execute a Business Associate Agreement (BAA) with you. Contact us and we'll have it to you within 1 business day.
Request a BAA → Or email us with questions