FasterNote

Therapists helping Therapists

HIPAA Compliance Policy

  1. Overview

At FasterNote, we recognize the ethical and legal responsibility of safeguarding electronic protected health information (ePHI). Our team, composed of experienced mental health professionals (Ph.D., LMFT, LCSW, LPCC), is committed to ensuring that our software complies with the Health Insurance Portability and Accountability Act (HIPAA) and the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.

This document outlines the HIPAA compliance measures implemented by FasterNote to ensure user data remains private and secure.

  2. HIPAA and FasterNote Products

The HIPAA compliance obligation applies to any covered entity or business associate that receives, transmits, retains, or stores ePHI.

2.1 FasterNote’s Role in HIPAA Compliance

  • FasterNote does not transmit, retain, or store any ePHI.
  • All ePHI remains on the user’s local computer system and is never stored on FasterNote’s servers.
  • Any ePHI entered into FasterNote is processed locally within the user’s browser and never transmitted over the internet.

2.2 User Responsibility for HIPAA Compliance

  • Because FasterNote does not store or transmit ePHI, compliance with HIPAA standards is the responsibility of the user.
  • Users must ensure that their local computer system and Electronic Health Record (EHR) system comply with HIPAA security standards.
  • It is the user’s responsibility to prevent unauthorized access to their local system by implementing proper security measures.

  3. HIPAA Compliance Measures at FasterNote

To uphold the highest ethical and security standards, FasterNote has implemented the following HIPAA compliance measures:

  • Designated HIPAA Compliance Officer who oversees HIPAA privacy and security policies.
  • All employees receive HIPAA compliance training every two years as per HIPAA regulations.
  • HIPAA Compliance Binder is maintained with documentation of all FasterNote privacy and security policies.
  • Data Security and Encryption Standards:
    • No passwords are stored – FasterNote uses OTP (One-Time Passcodes) sent to the user’s email for login.
    • All communications are encrypted using industry-standard security protocols (TLS 1.2/1.3).
    • All stored user preferences are anonymized and do not include ePHI.

  4. User Guidelines for HIPAA Compliance

Since FasterNote does not store ePHI, users must take precautions to maintain HIPAA compliance. Below are some best practices:

  • Encrypt the hard drive of the device where ePHI is stored.
  • Use a secure login method to protect access to your local device.
  • Ensure all anti-malware and antivirus protections are up to date.
  • Limit electronic transmission of ePHI (e.g., avoid using unsecured email to send patient records).
  • Use a HIPAA-compliant EHR system for storing clinical notes.
  • Do not leave devices containing ePHI unattended.
  • Back up ePHI securely to an encrypted external storage device or secure cloud service.
  • Properly delete ePHI before disposing of or decommissioning your computer.

  5. HIPAA Compliance for AI-Assisted Notes

5.1 AI & Local Processing of ePHI

  • All AI-assisted note generation is processed locally within the user’s browser.
  • FasterNote does not transmit or retain any ePHI when using AI-powered tools.
  • Users should ensure that identifiable ePHI is not entered into AI fields unless stored securely in their local system.

5.2 Preventing Unintended ePHI Transmission

To maintain HIPAA compliance, users must avoid entering identifiable patient data into fields that interact with AI. Identifiable ePHI includes:

  • Names, Social Security Numbers, Addresses, Phone Numbers
  • Dates of Birth, Admission Dates, Health Insurance IDs
  • Any identifying information that links a patient to their medical record

Example:

  • “Depressed mood and anxiety” = NOT ePHI
  • “Ms. Smith demonstrates depressed mood and anxiety” = ePHI
  • “Ms. Smith’s symptoms are recorded electronically” = ePHI

  6. Secure AI Note Generation

6.1 How AI Notes Remain HIPAA-Compliant

  • AI-generated text is created locally on the user’s device.
  • No identifiable ePHI is processed, stored, or shared with FasterNote’s servers.
  • Users should review AI-generated text to ensure that it does not contain unintended ePHI before saving or storing it.

6.2 Recommended Security Practices for AI Users

  • Ensure all AI-generated notes are reviewed and de-identified before storing them.
  • Use local encryption for AI-generated notes containing sensitive data.
  • Regularly review AI-generated templates to confirm no unintentional PHI is included.

  7. HIPAA & Data Storage Policies

7.1 FasterNote’s Storage Policy

  • FasterNote does not store PHI, AI-generated notes, or user data on our servers.
  • Users are responsible for securely storing their own clinical notes on a HIPAA-compliant system.

7.2 Best Practices for Secure Data Storage

  • Store notes in a HIPAA-compliant EHR system.
  • Use encrypted local storage if storing notes on your personal device.
  • Delete old patient records securely by wiping the device or using a professional data erasure tool.

  8. Compliance & Audit Policies

FasterNote undergoes regular security audits to ensure continued compliance with HIPAA regulations. Our policies are reviewed and updated regularly.

8.1 Compliance Measures

  • Routine internal compliance audits to verify HIPAA security adherence.
  • Ongoing staff training on HIPAA and data protection regulations.
  • Implementation of security patches and encryption updates.

8.2 Reporting HIPAA Compliance Concerns

If you have questions or concerns regarding HIPAA compliance, you may contact us at:

📧 Email: Hello@fasternote.com
📬 Postal Mail: FasterNote, 3909 S Maryland Pkwy Ste 314-267, Las Vegas, NV 89119

  9. Updates to This Policy

This HIPAA Compliance Policy may be updated periodically to reflect changes in regulatory requirements and security best practices.

Last Updated: January 22, 2025

By using FasterNote, you acknowledge and agree to this HIPAA Compliance Policy.