HIPAA Compliance

Last updated: June 8, 2026

Our approach to HIPAA

TheraScribe is designed so that Protected Health Information (PHI) is never stored on our servers. We process session audio to generate notes, then immediately discard all session content. This architectural decision is the foundation of our HIPAA compliance approach.

Business Associate Agreements

As a vendor used by therapists (HIPAA covered entities), Haven Command LLC operates as a Business Associate. We have signed BAAs with all sub-processors that handle session data:

  • Anthropic — BAA covers use of the Claude Messages API
  • AssemblyAI — BAA covers audio transcription processing

What we do to protect PHI

  • Audio preprocessing occurs in your browser — noise suppression runs locally before audio is transmitted
  • Audio is transmitted over TLS-encrypted connections only
  • AssemblyAI is instructed to delete audio files immediately after transcription
  • Transcripts are passed to Anthropic for note generation and are not retained
  • No session content (audio, transcript, or notes) is written to our database
  • Only non-PHI metadata (duration, format, timestamp) is stored

Requesting a BAA

If your organization requires a signed BAA with Haven Command LLC directly, please contact hipaa@therascribe.com.

Contact

Haven Command LLC
hipaa@therascribe.com