My Scribe Now Privacy Policy

1. Overview

My Scribe Now is a secure medical transcription platform designed for credentialed physicians and authorized transcription staff. We take privacy, security, and data integrity seriously. This Privacy Policy explains how we collect, use, protect, and disclose personal and medical information in compliance with the Health Insurance Portability and Accountability Act (HIPAA), Oklahoma Administrative Code Title 310, and other applicable laws. By using our website or services, you agree to the terms of this Privacy Policy.

2. Information We Collect

We collect information in two main categories:

a. Physician Account Information

When you register or use the platform, we may collect:

• Name, email address, phone number, and professional contact details
• Medical license or credential verification information
• Login credentials and security questions
• Payment or subscription information (if applicable)

b. Patient and Medical Data (PHI)

When you submit audio recordings for transcription, we process:

• Audio files or voice recordings containing medical dictation
• Transcribed text containing patient health information (PHI)
• Metadata such as timestamps, provider ID, and document references

All PHI is processed only for the purpose of transcription and is handled in full compliance with HIPAA.

3. How We Use Information

We use information solely to:

• Provide secure transcription and delivery of medical documentation
• Verify user identity and maintain system integrity
• Communicate necessary account or service updates
• Ensure quality control, compliance auditing, and troubleshooting
• Improve our platform's performance and user experience (using de-identified data only)

We do not sell, rent, or share user or patient information with third parties for marketing purposes.

4. HIPAA Compliance and PHI Safeguards

My Scribe Now acts as a Business Associate to covered entities under HIPAA. All PHI is:

• Encrypted in transit and at rest using industry-standard encryption (AES-256 or higher)
• Processed only by authorized and trained personnel under confidentiality agreements
• Stored temporarily for the purpose of transcription, then securely deleted in accordance with our retention policy
• Access-controlled via unique credentials and monitored audit logs

We maintain Business Associate Agreements (BAAs) with all vendors and subcontractors who handle PHI.

5. Data Retention and Deletion

Transcriptions and audio files are retained no longer than necessary to deliver the final document, typically 30–60 days, unless otherwise contractually required. After that period, files are deleted using NIST-approved digital erasure standards. Aggregated or anonymized data may be retained for system analytics or legal compliance purposes.

6. Legal Basis for Processing (For GDPR Applicability)

For users in jurisdictions covered by the GDPR, My Scribe Now processes data based on:

• Contractual necessity (to deliver services)
• Legal compliance (e.g., medical record regulations)
• Legitimate interest (to improve system functionality and protect against misuse)

7. Information Sharing and Disclosure

We may share data only under the following circumstances:

• With the physician who owns or controls the PHI
• With authorized staff who have signed confidentiality and compliance agreements
• With third-party service providers that maintain equivalent security standards
• When required by law, court order, or regulatory request

We will never disclose identifiable patient or user data for advertising or analytics purposes.

8. Data Security Measures

To protect against unauthorized access, loss, or misuse, My Scribe Now employs:

• Multi-factor authentication for all system access
• End-to-end encryption for all data transmissions
• Role-based access control for internal users
• Continuous security monitoring and routine audits
• Regular staff training in HIPAA and cybersecurity best practices

In the event of a security breach involving PHI, we will notify affected parties in accordance with HIPAA breach notification requirements.

9. User Rights

Depending on your jurisdiction, you may have the right to:

• Access or obtain a copy of your personal information
• Request correction or deletion of inaccurate data
• Restrict or object to processing under certain conditions
• File a complaint with the appropriate privacy authority

Requests can be submitted by emailing privacy@myscribenow.com (or through the in-app privacy form).

10. Children's Privacy

Our platform is intended for use by licensed professionals only and is not directed toward patients. We do not knowingly collect personal data from minors under 18.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect operational or legal changes. Updated versions will be posted on our website and within the mobile application. Continued use constitutes acceptance of the revised policy.

12. Contact Information

For privacy or compliance inquiries:

My Scribe Now – Privacy Office
A division of Annihilation LTD
Email: privacy@myscribenow.com
Mailing Address: 8816 S. Sheridan Rd, Tulsa, OK 74133
Phone: 888-917-0880