Your first questions are usually the most important: "Is this tool secure? Will it protect my patients' data? Are we covered from a compliance standpoint?" 

These are fundamental to running a responsible healthcare practice. And with AI, the stakes feel even higher.

That’s why Freed’s AI scribe was designed from the start to meet the highest standards in healthcare privacy, security, and compliance — so you can document confidently and focus fully on patient care.

Here’s what our security-first approach means for your practice.

Why data privacy matters for clinicians

Data privacy isn’t an abstract IT concern — it touches every aspect of care. When patients share intimate details about their health, they assume those details will stay protected. Any hint that their information is unsafe can lose trust — immediately. 

With their confidence, security, and PHI at stake, data privacy must be core to our clinical infrastructure:

• Patient trust – a breach erodes confidence in your practice.
• Regulatory risk – fines for HIPAA, GDPR, or CCPA violations can cripple a small clinic.
• Operational continuity – secure systems keep your workflow running 24/7.

In a 2024 industry survey by the HIPAA journal, nearly 7 in 10 clinicians said protecting patient data is a top concern when adopting new digital tools." This aligns with broader findings that cyberattacks are a major source of physician concern.

Where your clinical data goes with Freed

Every piece of patient data handled by Freed is protected through multiple layers of security and encryption. Here’s how: 

• End‑to‑end encryption: All data is encrypted in transit using TLS 1.2–1.3 and stored with AES‑256 encryption, ensuring protection at every step.
• No audio retention by default: Freed processes your recording, generates the clinical note, and then automatically deletes the audio. Users and organizations can adjust note retention preferences within their account settings.
• HIPAA‑secure infrastructure: All data is processed exclusively in HIPAA‑compliant environments. Freed partners only with third parties under signed BAAs that meet or exceed our own protections.
• Access controls: Strict authentication protocols ensure only authorized users can access patient data.
• U.S.-based storage: All data is stored securely in United States-based servers.
• No AI training on PHI: Our AI never trains on Protected Health Information, ensuring total privacy.
• Clinician control: You have complete control over note and recording deletion
• Flexible retention policies: Manually delete notes anytime or enable 30-day auto-deletion.
• Multi-factor authentication: Optional MFA and Single Sign-On for additional security layers.
• Role-based permissions: Customizable access management for organizations.

Visit our security page to learn more about how Freed safeguards clinical data.

Who owns and controls the data? 

Ownership stays exactly where it belongs—with clinicians and their organizations.

Each Freed user has a secure, private workspace and full control over their data. You can delete, edit, or export notes any time, even after your contract ends.

Freed’s models don’t use identifiable data for AI training. Instead, the system learns safely from non‑PHI structural feedback, ensuring accuracy while preserving strict privacy boundaries.

Learn more about how Freed’s AI works behind the scenes.

"I have full confidence. I have no worry about any audits whatsoever. I'm like, bring it because I know that the way they have gotten stuff laid out, it's done... no concern about an audit. It has everything." — Mariah H, Psychiatric NP
→ Read Mariah’s story

AI security you can trust

Freed’s AI scribe doesn’t just hear your visit. It understands clinical language securely through:

• Clinical ASR (automatic speech recognition) transcribes with medical‑grade accuracy.
• LLM‑based summarization filters out irrelevant chatter and focuses only on medically significant details.
• Specialty‑aware templates ensure notes sound like your voice and follow your preferred documentation format.

This entire workflow operates inside HIPAA‑compliant servers with encrypted pipelines and PHI isolation.

Patient consent practices

Freed encourages transparent communication with patients. Obtaining verbal or written consent before recording is considered best practice and may be required by certain jurisdictions.

Not required by Freed: Consent practices are up to each organization, and we consider it to be best practice. But, Freed doesn’t require it. 

Common ways clinicians handle consent include:

• A brief verbal confirmation at the start of the visit (sample script here)
• Signage in the waiting room indicating that outpatient visits may use ambient scribe technology
• Consent forms or digital intake acknowledgments

Building consent into your workflow promotes patient trust while keeping your practice on solid regulatory footing.

How Freed handles training AI models 

Freed never uses Protected Health Information for AI training purposes. Our AI model is designed with HIPAA compliance at its core and is only trained on de-identified notes that have been stripped of all patient identifiers.

Every single conversation you have with patients is private. Freed’s models only train on de-identified notes. We never share your clinic’s data with external parties.

HIPAA compliance (and other standards) with Freed

Freed holds several industry-leading security certifications and compliance standards:

• SOC 2 Type 1 and Type 2 certified: Demonstrates rigorous controls for data security and confidentiality through independent third-party audits
• HIPAA and HITECH compliant: Meets or exceeds all requirements for protecting patient health information
• OWASP standards: Enforces Open Worldwide Application Security Project secure coding standards with regular audits
• FIPS PUB 140-2: Cryptographic modules follow Federal Information Processing Standards

Freed follows HIPAA security and privacy standards to protect patient information and maintains Business Associate Agreements (BAAs) with all enterprise customers. Our BAA is in use with hundreds of health systems and rarely requires edits. It covers your entire organization.

Additionally, Freed’s infrastructure includes protections validated via third-party security assessments and contracts. 

“My Achilles’ heel has been therapy notes – a necessary task, but very daunting. I am very appreciative of Freed being HIPAA compliant. The construct of the note is clinical and objective. Freed has truly freed me to be more connected in my session.” – Sonia Salmon-Gayle, LCPC

Learn more about our security and compliance protocols. 

Legal protections and offboarding

If you ever want or need to leave Freed, Freed’s legal framework is designed to be simple and mutually protective. Our terms are straightforward: 

• Mutual indemnification: Your organization is protected if Freed causes legal issues (e.g., IP violations), and Freed is protected against misuse or improper data handling by third parties.
• Standard liability cap: Equivalent to 12 months of paid fees, with exceptions for gross negligence or confidentiality breaches.
• Easy termination: A 30‑day notice period and one‑click export ensure you maintain complete data portability if you ever leave Freed.

These terms are built to uphold clinician confidence and create fairness for both sides.

Start securely with Freed

Clinicians shouldn’t have to choose between staying secure and staying caught up. With Freed, you get both—robust protection and stress‑free documentation.

Many practices begin with a small pilot of one or two clinicians, quickly expanding once they experience the saved hours and peace of mind.

👉 Start a free, HIPAA‑safe trial (no credit card required) or connect with our team to see how Freed protects your practice.