HIPAA Compliance Statement

Tempida LLC – AI-Powered Medical Documentation Platform

Overview

Tempida LLC provides a medical documentation solution that uses artificial intelligence (AI) to assist physicians in generating encounter notes. Our system architecture and operations are designed with HIPAA compliance at the forefront. This document outlines how we safeguard protected health information (PHI) across all components of our system.

1. Data Flow & PHI Handling

Data Collection

  • Physicians record patient encounter audio using an iOS app or Apple Watch app.
  • The Apple Watch transfers audio to the iOS app over an encrypted connection.
  • Upon finalizing a patient, the app uploads the audio and limited metadata (e.g., patient name) to a secure server hosted on AWS EC2 via SSL/TLS.
  • After upload, the iPhone deletes all patient data (audio + metadata).

Server-Side Processing

  • Audio and metadata are temporarily stored in an encrypted AWS S3 bucket.
  • The server sends the audio to AI Scribe, a privately hosted AI in AWS, over a secure connection to generate a medical note, which is stored in the encrypted S3 bucket.
  • Once transcription is complete, the original audio file is deleted from S3.

AI Customization

  • The generated medical note is modified per user-defined preferences using AI Editor, a second privately hosted AI service in AWS, with secure transmission of text and prompts.
  • The resulting final note is stored temporarily for user access in the encrypted S3 bucket.

Web Application Access

  • Physicians access notes via a secure, SSL-encrypted browser-based web app.
  • Notes can be edited manually or modified using a real-time voice-to-text editor.
  • Voice input is securely streamed over WSS to a dedicated EC2 server, which relays audio securely to AWS Transcribe Medical, then returns the transcript to the browser in real time over the secure WSS connection.
  • Once the user is satisfied with the note, the text is automatically copied to the clipboard.
  • A third AI component, known as AI Autopilot, is a Windows application that monitors the clipboard.
  • It uses computer vision to detect the layout of the EMR on the screen and performs all necessary button clicks, scrolling, and data entry to input the note from the editor into the EMR automatically.
  • At no point does the PHI from the clipboard leave the local computer; it remains stored only in RAM and is never written to disk.

2. Security & Privacy Controls

Encryption

  • All data in transit is encrypted via SSL/TLS.
  • All data at rest in S3 is encrypted using AES-256 via AWS-managed keys.
  • WebSocket voice streaming uses WSS with strong authentication and encryption.

Access Control

  • Only authenticated users can access patient data via the iOS and web apps.
  • AWS IAM policies restrict access to resources.
  • Administrative access to EC2 and S3 is limited to authorized personnel and protected using MFA.

Data Minimization and Retention

  • No PHI is permanently stored on any device or server.
  • Users may delete patients manually, which triggers immediate deletion of all associated PHI from the system.
  • Any PHI not deleted manually is automatically purged after 30 days, ensuring data minimization.
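One way to verify the S3 controls stated under Encryption and Data Minimization and Retention above (example code added here, not Tempida's own tooling): it takes the parsed JSON that the AWS CLI returns for get-bucket-encryption and get-bucket-lifecycle-configuration plus the bucket policy document, and checks for AES-256 default encryption, a bucket-wide 30-day expiration, and a TLS-only deny statement. The bucket name and the sample documents are constructed assumptions, not values from a real account.

```python
# Example audit check, not Tempida's own tooling: inputs are the parsed JSON that
# get-bucket-encryption, get-bucket-lifecycle-configuration and the bucket policy return.
MAX_RETENTION_DAYS = 30  # the statement's automatic purge window

def encryption_at_rest_ok(enc_cfg):
    """True if a default SSE rule (AES256 = SSE-S3, or aws:kms) covers every new object."""
    rules = enc_cfg.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               in ("AES256", "aws:kms") for r in rules)

def retention_ok(lifecycle_cfg, max_days=MAX_RETENTION_DAYS):
    """True if an enabled, bucket-wide rule expires current objects within max_days."""
    for rule in lifecycle_cfg.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        # Newer configs scope the rule via Filter.Prefix, older ones via a top-level Prefix.
        prefix = rule.get("Filter", {}).get("Prefix", rule.get("Prefix", ""))
        days = rule.get("Expiration", {}).get("Days")
        if prefix == "" and days is not None and days <= max_days:
            return True
    return False

def tls_only_ok(policy):
    """True if a Deny on s3:* conditioned on aws:SecureTransport=false blocks plaintext HTTP."""
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and "s3:*" in actions and str(secure).lower() == "false":
            return True
    return False

def audit_bucket(enc_cfg, lifecycle_cfg, policy):
    """One pass/fail per control the statement claims for the PHI bucket."""
    return {"encryption_at_rest": encryption_at_rest_ok(enc_cfg),
            "retention_30d": retention_ok(lifecycle_cfg),
            "tls_only": tls_only_ok(policy)}

# Constructed sample documents (not captured from a real account) meeting all three controls.
SAMPLE_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_LIFECYCLE = {"Rules": [{"ID": "purge-phi", "Status": "Enabled",
                               "Filter": {"Prefix": ""}, "Expiration": {"Days": 30}}]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-phi-bucket", "arn:aws:s3:::example-phi-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
```

S3 evaluates lifecycle expiration about once a day, so an object can outlive the 30th day by a short margin. If bucket versioning is enabled, a manual delete only adds a delete marker and prior versions remain unless a NoncurrentVersionExpiration rule also exists, which this check does not verify.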

Audit & Monitoring

  • Access events and user interactions are logged for audit purposes.
  • System monitoring alerts are configured to detect unauthorized access or system anomalies.

3. Business Associate Agreement (BAA)

A Business Associate Agreement (BAA) is in place with Amazon Web Services (AWS), covering services such as:
– EC2
– S3
– AI Scribe
– Transcribe Medical
– AI Editor

Additionally, all Tempida users are required to sign a Business Associate Agreement (BAA) during the account registration process. This ensures all parties involved acknowledge and accept their responsibilities regarding the safeguarding of protected health information (PHI).

4. Breach Response

In the event of a breach, Tempida LLC follows its incident response plan, including:
– Prompt containment
– Risk assessment
– Notification per HIPAA Breach Notification Rule (45 CFR §§ 164.400-414)

5. User Responsibilities

Users are responsible for safeguarding access to the mobile and web applications.
It is the user’s responsibility to ensure the finalized note is reviewed before it is transferred into the EMR via AI Autopilot.

Conclusion

Tempida LLC is committed to safeguarding protected health information (PHI) and maintaining full compliance with the Health Insurance Portability and Accountability Act (HIPAA). Our systems are designed to minimize PHI retention, enforce secure access, and ensure end-to-end encryption across all workflows.

HIPAA Security Rule Safeguards

Safeguard Type   Implemented Measures
Administrative   Role-based access, audit logging, breach notification process
Physical         AWS data center security; no physical PHI storage outside AWS
Technical        Encryption in transit and at rest, authentication, secure session handling