How is my patient data protected?

We implement enterprise-grade security with role-based access controls, end-to-end encryption in transit and at rest, and comprehensive audit trails. Each organization gets a dedicated secure server environment. All PHI is automatically deleted after 3 days, and users can manually delete data anytime.

How do you ensure healthcare data security?

We implement enterprise-grade security measures including end-to-end encryption, role-based access controls, and comprehensive audit trails. We have signed Business Associate Agreements (BAA) with all our cloud infrastructure and AI providers. We maintain zero data retention policies with our AI vendors, meaning your PHI is never used for training or any other purpose beyond your immediate clinical needs.

How fast can we get started?

Most practices are fully onboarded within 4-5 business days after the initial demo. We'll set up your dedicated secure server, configure EMR integration, and provide comprehensive training to your team.

Which EMR systems do you integrate with?

We currently integrate with eClinicalWorks, with seamless bidirectional sync for documents, lab results, and clinical notes. We're actively expanding our integration capabilities based on customer demand. Contact us to discuss your specific EMR needs.

What happens to my data if I cancel?

You maintain full control of your data. Upon cancellation, you can export all your data in standard formats. We permanently delete all data from our servers within 30 days of account closure, or immediately upon your request.

Do you use my patient data to train AI models?

Absolutely not. We have zero data retention agreements with all our AI providers. Your PHI is processed only for your immediate clinical needs and is never used for training, model improvement, or any other purpose. This is contractually guaranteed through our BAAs.

Back to Home

Privacy Policy

Last updated: March 2026

Our Commitment to Privacy

At IMSAI (Integrity Med Solutions AI), we take the privacy and security of your Protected Health Information (PHI) seriously. This Privacy Policy explains how we collect, use, protect, and handle your data.

PHI Protection & Usage

Zero Training or Self-Use Policy

We never use your PHI for AI model training, self-improvement, or any purpose other than providing our clinical documentation services to you. Your patient data is processed solely to generate clinical summaries, documentation, and insights for your immediate healthcare needs.

Business Associate Agreements (BAA)

We have signed comprehensive Business Associate Agreements with all our cloud infrastructure providers and AI service vendors. These agreements contractually guarantee healthcare data protection and compliance at every stage of processing.

Zero Data Retention with AI Providers

Our contracts with AI providers explicitly prohibit data retention. Your PHI is processed in real-time and immediately discarded by our AI vendors after processing. They cannot and do not store, log, or retain any of your patient data.

Use of the IMSAI Chrome Extension

The IMSAI Chrome Extension is designed to assist licensed healthcare providers in generating clinical documentation while using Electronic Medical Record (EMR) systems such as eClinicalWorks, with additional EMR integrations planned.

When installed, the extension may access information displayed within supported EMR interfaces that is already visible to the authorized user. This information may include clinical notes, patient history, and other documentation necessary to generate structured medical documentation.

The extension processes this information only to provide real-time assistance with medical documentation and workflow automation. Data processed by the extension may be securely transmitted to IMSAI infrastructure hosted under the integritymedsolutions.com domain for processing and generation of clinical documentation.

IMSAI does not use Protected Health Information (PHI) accessed through the extension for model training or analytics. Any PHI processed is used solely for the purpose of generating clinical documentation requested by the healthcare provider.

IMSAI is designed to operate in accordance with HIPAA privacy and security principles for handling Protected Health Information. PHI processed through the IMSAI platform is automatically deleted within a limited retention window as described in this policy.

Medical Scribe & Audio Recording

The IMSAI extension includes an AI-powered medical scribe feature. When a healthcare provider initiates a recording session, the extension captures audio of the provider-patient visit solely to generate structured clinical documentation such as SOAP notes and visit summaries.

Recording is Always Provider-Initiated

Audio recording only begins when the healthcare provider explicitly clicks the record button. The extension never records passively or without deliberate action by the authorized user.

Audio Data Retention & Deletion

Audio recordings and any transcriptions or documentation derived from them are automatically and permanently deleted from our systems within 3 days of creation. This applies to all visit data regardless of whether documentation was generated. You may also manually delete any visit data at any time through your dashboard.

Audio Data Is Never Used for Training

Audio recordings, transcriptions, and generated documentation are never used to train AI models, improve algorithms, or for any purpose beyond generating the requested clinical documentation for that visit.

Browser Permissions

The IMSAI Chrome Extension requests certain browser permissions in order to function correctly within supported EMR systems. These permissions may include:

Access to specific EMR webpages (currently eClinicalWorks at ecwcloud.com) in order to read and insert documentation fields
Local storage to securely store authentication tokens and user preferences
Scripting permissions to allow the extension to interact with EMR interface elements
Microphone access, requested by the browser at runtime when the provider initiates a scribe recording session. This permission is never requested passively and is used solely to capture audio for clinical documentation purposes

These permissions are used solely to enable the extension's documentation assistance features and are not used for advertising, tracking, or unrelated data collection.

Data Transmission

Information processed by the IMSAI Chrome Extension may be securely transmitted to IMSAI infrastructure hosted under the integritymedsolutions.com domain for processing and generation of clinical documentation.

All communication between the extension and IMSAI infrastructure is encrypted using industry-standard TLS protocols. IMSAI does not sell, share, or disclose Protected Health Information for marketing or advertising purposes.

Automatic Data Deletion

To minimize data exposure and enhance security, we automatically delete all PHI from our systems 3 days after creation. This automated deletion policy ensures that your data doesn't linger in our systems longer than necessary.

Additionally, you maintain full control and can manually delete any PHI at any time through your dashboard. Deleted data is permanently and irrecoverably removed from all our systems within 24 hours.

Dedicated Secure Infrastructure

Each organization using IMSAI receives a dedicated, isolated server environment. Your data is never commingled with other organizations' data. This architectural approach provides:

Physical and logical data isolation
Dedicated encryption keys per organization
Independent backup and disaster recovery
Customizable security policies and access controls

Security Measures

✓

End-to-End Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)

✓

Role-Based Access Control (RBAC): Granular permissions ensure users only access data they need

✓

Comprehensive Audit Trails: Every access and action is logged for compliance and security monitoring

✓

Multi-Factor Authentication (MFA): Required for all user accounts

✓

Regular Security Audits: Third-party penetration testing and vulnerability assessments

Data We Collect

We only collect data necessary to provide our clinical documentation services:

Clinical documents from your EMR system
Lab results and radiology reports
Audio recordings of provider-patient visits (only when explicitly initiated by the provider via the scribe feature), along with transcriptions and generated documentation derived from them
User account information (name, email, role)
System usage logs for security and compliance

Your Rights

Under applicable data protection laws, you have the right to:

Access your PHI at any time through your dashboard
Request corrections to inaccurate data
Delete your PHI manually at any time
Export your data in standard formats
Receive a detailed accounting of all PHI disclosures
Opt out of the service and have all data permanently deleted

Account Cancellation

Upon account cancellation, you can export all your data in standard formats (PDF, CSV, HL7, FHIR). We permanently delete all your data from our systems within 30 days of cancellation, or immediately upon request. Once deleted, data cannot be recovered.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes via email and update the "Last Updated" date at the top of this page.

Contact Us

If you have any questions about this Privacy Policy or our data practices:

Email: support@integritymedsolutions.com