Skip to content

Is Heidi Health HIPAA compliant?

Verified Re-verified quarterly
Reviewed by TherapyScribes EditorialFacts verified Methodology

Heidi Health operates under a signed BAA for US clinicians, encrypts data with TLS 1.2+ in transit and AES-256 at rest, and defaults to no training on customer session content. The company holds SOC 2 Type II and ISO 27001 attestations.

Two caveats worth knowing. First, Heidi's default hosting is in the US, EU or Australia depending on region — confirm your data-residency selection at signup. Second, for US SUD programs (42 CFR Part 2), request the Part 2 addendum to the BAA before recording; it isn't automatic.

For deeper compliance detail see our full Heidi Health review.

Related tool
Heidi Health — full review

Multi-specialty AI scribe with strong therapy template support and ANZ/UK reach

Sources

  1. [1]Heidi Health trust center

Related questions