Is Heidi Health HIPAA compliant?
Verified Re-verified quarterly
Heidi Health operates under a signed BAA for US clinicians, encrypts data with TLS 1.2+ in transit and AES-256 at rest, and defaults to no training on customer session content. The company holds SOC 2 Type II and ISO 27001 attestations.
Two caveats worth knowing. First, Heidi's default hosting is in the US, EU or Australia depending on region — confirm your data-residency selection at signup. Second, for US SUD programs (42 CFR Part 2), request the Part 2 addendum to the BAA before recording; it isn't automatic.
For deeper compliance detail see our full Heidi Health review.
Related tool
Heidi Health — full review
Multi-specialty AI scribe with strong therapy template support and ANZ/UK reach