Effective Date: September 16, 2025
Last Updated: September 16, 2025
Welcome to ParaScribe ("we," "our," or "us"). ParaScribe is a healthcare documentation platform designed for Emergency Medical Services (EMS) professionals to streamline patient care reporting and clinical documentation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
By using ParaScribe, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use our services.
Information We Collect
User Account Information
- • Email address and password (encrypted)
- • Role designation (admin, provider, staff, developer)
- • Practice and facility associations
- • Payment tier and subscription information
Protected Health Information (PHI)
- • Patient identification (name, date of birth, contact information)
- • Medical information (chief complaints, vital signs, allergies, medications)
- • Clinical notes and observations
- • Audio recordings of patient encounters
- • Transcriptions of medical consultations
- • Incident information and EMS response details
Technical Information
- • IP addresses for security and access control
- • Session identifiers and API usage logs
- • Audio format and recording metadata
- • System diagnostics and error logs
How We Use Your Information
- • Generate clinical documentation and patient care reports
- • Transcribe audio recordings using AI technology
- • Create structured medical records for EMS runs
- • Integrate with ePCR systems (ImageTrend, ESO, Firehouse, etc.)
- • Enable sharing and handoff of medical cases between providers
- • Provide patient search and history functionality
- • Maintain audit logs for HIPAA compliance
- • Improve transcription accuracy and clinical documentation quality
Data Security & HIPAA Compliance
Everything we do is HIPAA compliant. We implement comprehensive security measures to protect your information:
- • Encryption: All data encrypted in transit (TLS 1.2+) and at rest
- • Access Controls: Role-based access control and JWT authentication
- • Business Associate Agreements: All third-party providers have signed BAAs
- • Audit Logging: Complete audit trails for all PHI access
- • 7-Year Retention: PHI retained as required by HIPAA regulations
- • Incident Response: Comprehensive breach notification procedures
Third-Party Services
We use the following HIPAA-compliant services with Business Associate Agreements in place:
- • Google Cloud: Our primary data processor for infrastructure and storage
- • OpenAI: AI transcription and clinical documentation services (HIPAA-compliant)
- • Stripe: Payment processing (PCI-compliant)
- • ePCR Systems: ImageTrend, ESO, Firehouse, Zoll, EMSCharts, Elitefield
Data Retention
- • PHI and Medical Records: 7 years as required by HIPAA
- • Audio Recordings: 7 years with automatic versioning
- • Account Information: Retained while active plus 7 years after closure
- • Audit Logs: 7 years for compliance requirements
Your Rights
- • Access and download your clinical documentation
- • Export patient records in PDF format
- • Request copies of audio recordings
- • Update account information and patient records
- • Delete individual patient runs (subject to legal requirements)
- • Control sharing permissions for medical cases
Children's Privacy
ParaScribe is not intended for individuals under 18. Healthcare providers using our service are responsible for obtaining appropriate consent for documenting pediatric patient encounters.
Breach Notification
In the event of a data breach affecting PHI, we will notify affected users within 72 hours of discovery and report to relevant regulatory authorities as required by law.
Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date.
Company Information
ParaScribe is operated by Embarcadero Health, Inc., a Delaware C Corporation.