Daily Ambient Scribe: Engineered for Security and Privacy in Healthcare

Daily is committed to upholding the highest standards of security and privacy. Privacy is at the core of our ethos. Since our founding in 2016, Daily’s solutions have been built to collect the minimum amount of information required to deliver our services. This means that our products and services deliver on their mission while minimizing data collection and associated risks.

Our mission is to deliver healthcare solutions that streamline care for providers, enabling them to deliver the best care possible. To be successful in that goal, it’s crucial that we earn your trust. This article provides transparency into how our services work, how we use and handle your data, and how our organization functions with regards to security and compliance.

How Ambient Scribe works

Ambient Scribe automatically turns patient encounters and provider dictations into clinical documentation. While this might feel like magic, the service is built with world-leading, healthcare-tuned technology solutions. Let’s take a look at how this works.

The Ambient Scribe application is available in your browser, as a Windows and Mac app, or as an iOS and Android app. It listens to your conversation or dictation and sends the audio to Deepgram’s Nova-2 medical speech-to-text model for real-time transcription. Note that the transcription model can be customized: our architecture supports using an organization’s preferred LLMs, to replace our default models.

Once the conversation concludes, the transcript is sent to Daily’s Clinical Documentation Engine, which works in accord with OpenAI’s latest GPT-4 model, to generate your clinical note, a summary and optional instructions for the patient, and suggested diagnoses. (Again, the LLM used can be customized.) The engine ensures that the AI model provides accurate information, filtering out errors and hallucinations, while also formatting the note according to your preferences.

The generated clinical documentation is sent back to the Ambient Scribe app for you to review and edit, as needed. All of this happens in less than 30 seconds, ensuring that you have accurate information generated in a timely manner.

Finally, the documentation is stored as encrypted files in AWS’s cloud storage for you to access across different platforms.

If you’ve integrated an EHR with Ambient Scribe, it will use patient information to enrich the note generation and can automatically send the documentation back into the EHR once your review has concluded. Here’s a visual depicting the process:

Your data & privacy

Ensuring transparency in how we handle your data is a core principle at Daily. Ambient Scribe requires only audio input to create a clinical note, patient summary and instructions, and diagnoses. When integrated with your EHR, Ambient Scribe also accesses patient record information to enrich clinical documentation generation. Neither audio nor patient information from the EHR are stored long-term by Daily.

By default, we store transcripts and clinical documentation for 30 days, but this retention period can be adjusted according to your policy needs. Within these 30 days, the expectation is that your data will be exported to your EHR, which acts as the source of truth for patient information.

All data is encrypted both in transit using TLS and at rest using AES-256, ensuring maximum security throughout the data lifecycle. Transcripts and clinical documentation are stored in an encrypted, HIPAA-compliant cloud environment rather than on local devices, reducing the risk of HIPAA violations in the event a device is stolen or misplaced.

Security & compliance

Daily’s Ambient Scribe is designed to meet the highest standards of compliance:

• HIPAA Compliance: Ensuring that all patient data is handled according to HIPAA regulations.
• SOC 2 Type 2 Certification: Demonstrating our commitment to security, availability, and confidentiality.
• GDPR Compliance: Ensuring data protection for our European customers, regardless of where they live.
• CCPA Compliance: Meeting the California Consumer Privacy Act standards to protect the privacy of our users in California.

For more details about our security program, you can request access to our Trust Center. In the Trust Center, you’ll find our latest SOC 2 report, penetration test results, and a continuously updated monitoring of our security and compliance controls.

Daily is built on the best technology stack with partners equally focused on security and privacy. The following partners have signed a BAA with Daily and are committed to protecting your information:

• AWS: Cloud provider and core infrastructure (US)
• Oracle Cloud: Media services (US)
• Deepgram: Medical-grade transcription (US)
• OpenAI: Latest ChatGPT model (US)
• ScienceIO: Medical concept enrichment, de-identification (US)

Conclusion

Daily’s Ambient Scribe is meticulously designed with security and privacy at its core, ensuring that patient data is protected at every step. Our thoughtfully built infrastructure and robust compliance program make us a trusted partner in the healthcare industry, enabling clinicians to focus on what they do best—providing exceptional patient care. By adhering to stringent security protocols and offering customizable data controls, we ensure that our customers can rely on us for both innovation and integrity.