Best AI therapy scribes by country
Compliance posture differs sharply by jurisdiction — HIPAA in the US, UK GDPR in the UK, PHIPA and Quebec Law 25 in Canada, APPs in Australia, GDPR+BDSG in Germany. Pick your country to see the ranking filtered for vendors that actually work there.
Key takeaways
- Always confirm a signed BAA (US) or GDPR DPA (UK/EU/IE) before clinical use.
- SUD programs in the US additionally need 42 CFR Part 2 awareness in the contract.
- Canadian PHIPA and Quebec Law 25 push toward Canadian or contractual data residency.
- Germany expects EEA data residency by default — fewer US vendors qualify cleanly.
All countries
HIPAA + BAA required; SUD programs additionally bound by 42 CFR Part 2; state-level privacy laws (CA CMIA, NY SHIELD) layer on top.
UK GDPR + Data Protection Act 2018; ICO registration; NHS DSP Toolkit for NHS-facing work; clinical governance via BACP / BPS / UKCP / HCPC depending on registration.
PIPEDA federally; PHIPA (Ontario), HIA (Alberta), and provincial counterparts; Quebec Law 25.
Privacy Act 1988 + Australian Privacy Principles (APPs); state-level health records legislation in NSW, VIC, ACT.
GDPR + BDSG; Psychotherapeutengesetz; KBV documentation requirements for SHI-covered care.
GDPR + Irish Data Protection Act 2018; IACP / PSI / CORU codes depending on registration.