Yes. A Business Associate Agreement is provided to every SAI customer -- it is not an add-on or an upgrade. Contact us to request yours.

lorem

NEW

Learn about the SAI by Scrivas advantage

→

Learn about the SAI by Scrivas advantage

→

SAI AI Scribing

On-Site Services

Industry Solutions

SAI Pricing

Resources

SAI Login

Book a demo

Your Patients’ Data Is Safe With SAI.

Q: Does SAI store patient audio?

No. Audio is automatically and permanently deleted once the clinical note is generated. No audio is stored on SAI servers after that point.

Q: Is SAI HIPAA compliant?

Yes, fully. SAI is HIPAA compliant and every customer receives a Business Associate Agreement (BAA) as standard, at no additional cost.

Q: Is patient data used to train AI models?

No. Patient data processed through SAI is never used to train AI models without explicit written consent.

Q: Where is my data hosted?

All SAI data is hosted on AWS infrastructure in US regions, using HIPAA-eligible services only. No data is processed or stored outside the United States.

Q: What happens to my data if I cancel?

Your data remains accessible for 90 days after cancellation, then is permanently deleted. You can request immediate deletion at any time and we will confirm completion in writing.

Q: Is SAI SOC 2 certified?

Yes. SAI is SOC 2 Type II certified, independently audited on an annual basis. The full report is available under NDA on request.

SAI is built on HIPAA-eligible infrastructure, independently audited, and
designed so that patient data stays protected at every step — from the
moment you speak to the moment the note is finalized.

HIPAA Compliant

BAA provided to every customer

SOC 2 Type II

Independently audited annually

AES-256 Encrypted

At rest and in transit

AWS US Infrastructure

HIPAA-eligible services only

Medical Scribes Specialties

HIPAA Compliant

BAA provided to every customer

SOC 2 Type II

Independently audited annually

AES-256 Encrypted

At rest and in transit

AWS US Infrastructure

HIPAA-eligible services only

Your Patients’ Data Is Safe With SAI.

HIPAA Compliant

BAA provided to every customer

SOC 2 Type II

Independently audited annually

AES-256 Encrypted

At rest and in transit

AWS US Infrastructure

HIPAA-eligible services only

SAI Does Not Store Patient Audio

Audio is captured locally during the encounter solely to generate the clinical note. Once the note is complete, the audio is automatically and permanently deleted. No audio archive. No recordings on file. What remains is the structured clinical note — the same information a physician would document manually.

How audio is handled

Audio captured during encounter for note generation only

Automatically and permanently deleted once note is complete

No audio stored on SAI servers at any point after deletion

Physician can disable recording at any time

Patient consent and notification

Patient notification and consent guidance provided at onboarding

Opt-out controls available to physicians per clinic policy

No patient identification stored with audio during processing

SAI Does Not Store Patient Audio

How audio is handled

Audio captured during encounter for note generation only

Automatically and permanently deleted once note is complete

No audio stored on SAI servers at any point after deletion

Physician can disable recording at any time

Patient consent and notification

Patient notification and consent guidance provided at onboarding

Opt-out controls available to physicians per clinic policy

No patient identification stored with audio during processing

SAI Does Not Store Patient Audio

Our Patient Experience Liaison program was built with hospitals in mind, integrating seamlessly into existing Patient Experience and Quality workflows. Scrivas PELs are specially trained healthcare support professionals who embed within your Patient Experience and Quality teams to improve communication, enhance patient satisfaction, and support overall care quality. They perform bedside rounding, follow-up calls, and real-time service recovery—bridging patients, families, and providers to strengthen care

coordination.

How audio is handled

Audio captured during encounter for note generation only

Automatically and permanently deleted once note is complete

No audio stored on SAI servers at any point after deletion

Physician can disable recording at any time

Patient consent and notification

Patient notification and consent guidance provided at onboarding

Opt-out controls available to physicians per clinic policy

No patient identification stored with audio during processing

HIPAA Compliance

SAI is fully HIPAA compliant. Every customer receives a Business Associate Agreement as standard -- not on request, not as an upgrade. The minimum necessary principle governs all data access: SAI only processes the data required to generate and store the clinical note.

Business Associate Agreement (BAA) provided to every customer at no additional cost

Minimum necessary principle applied to all data access and processing

Only the clinical note and transcript are retained after encounter completion

HIPAA Breach Notification Rule compliance -- customers notified within required timeframes

24/7 security monitoring

Data Security

Encryption

Encryption in transit: TLS 1.3

Encryption at rest: AES-256

Keys managed under a formal encryption and key lifecycle policy

Infrastructure

Hosted on AWS US-region infrastructure

HIPAA-eligible AWS services only

Network isolation, firewalls, and intrusion detection

Physical security controls inherited from AWS

Access Controls

Role-based access control (RBAC) for clinic admins and clinicians

Multi-factor authentication (MFA) required for all access

Access limited to minimum necessary personnel

EHR Integration Security

OAuth 2.0 or SMART on FHIR authentication where supported

No patient data persists outside the agreed integration scope

Data exchange limited to the fields required for note transfer

AI MODEL PRACTICES

Your Data Does Not Train Our AI.

Patient data processed through SAI is never used to train foundation AI models without explicit written consent. AI inference runs within HIPAA-eligible infrastructure -- patient information does not leave the compliant environment during processing. All AI generated notes require mandatory physician review before finalization.

Patient data never used to train AI models without explicit written consent

AI inference performed within HIPAA-eligible infrastructure

No PHI transmitted to external model providers outside compliant boundaries

Mandatory physician review of all AI-generated notes before finalization

Data Retention
and Deletion

Data export available in standard formats upon request

Right to deletion: patients and customers can request data removal

Deletion confirmed in writing upon request completion

Audio: deleted automatically upon note completion

Transcripts and notes: retained per customer-defined retention window

Customer can request immediate deletion of their data at any time

On cancellation: data accessible for 90 days, then permanently deleted

INDEPENDENT VALIDATION

Certifications and Audits

SOC 2 Type II certified

Report available under NDA on request.

Annual third-party penetration testing

Conducted on a recurring annual basis.

Vulnerability disclosure program

Report security issues to security@saibyscrivas.com

FROM OUR FOUNDER

Security was the first requirement, not an afterthought.

"

I built SAI inside my own emergency department, with my own patients' charts. Security was not an afterthought -- it was the first requirement. As a practicing physician, I handle PHI every single day. The standard I hold SAI to is the standard I would demand as a patient."

Dr. Fernando Mendoza, MD, FAAP, FACEP

Founder · Pediatrician · 20+ yrs practicing · Founded 2012

FROM OUR FOUNDER

Security was the first requirement, not an afterthought.

"

Dr. Fernando Mendoza, MD, FAAP, FACEP

Founder · Pediatrician · 20+ yrs practicing · Founded 2012

FROM OUR FOUNDER

Security was the first requirement, not an afterthought.

"

Dr. Fernando Mendoza, MD, FAAP, FACEP

Founder · Pediatrician · 20+ yrs practicing · Founded 2012

SECURITY DOCUMENTATION

Security Documentation

SOC 2 Type II Report

Available under NDA on request.

REQUEST UNDER NDA →

Business Associate
Agreement

Provided to every customer at no
additional cost.

REQUEST A BAA →

Security Inquiries

A direct line to our security team.

SECURITY@SAIBYSCRIVAS.COM

Trust Document

Review our Trust Commitment →

FAQ

Frequently Asked Questions

Find answers to common questions about our product and services.

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

FAQ

Frequently Asked Questions

Find answers to common questions about our product and services.

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

FAQ

Frequently Asked Questions

Find answers to common questions about our product and services.

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

Security & Compliance

Questions About Security or Compliance?

Bring a real visit. We'll show you the note.

Our security team is available to walk through our compliance posture, share documentation, or support your organization’s vendor evaluation process.

Talk to our Security Team

Book a Demo

Book a demo

The SAI by Scrivas Newsletter

Sign-up for practical guidance on ambient AI in clinical practice, plus the latest from SAI by Scrivas.

SAI — the AI medical scribe by Scrivas.

Physician-built, trained on 14 years of real clinical documentation. Live on your EHR from day one.

Compliance

Company Info

About Us

Support

Careers

305-503-2899

info@saibyscrivas.com

9200 S Dadeland Blvd Suite 500, Miami, FL 33156

Terms & Conditions

Scrivas is proud to provide AI medical scribe solutions, medical documentation specialists, at-your-side scribes, medical assistants, and patient experience liaisons to hospitals, health systems, and practices across the United States — including Florida, Texas, California, New York, and beyond. Wherever you practice, our physician-designed solutions help you save time, improve compliance, reduce costs, and enhance patient satisfaction.

The SAI by Scrivas Newsletter

Sign-up for practical guidance on ambient AI in clinical practice, plus the latest from SAI by Scrivas.

SAI — the AI medical scribe by Scrivas.

Physician-built, trained on 14 years of real clinical documentation. Live on your EHR from day one.

Compliance

Company Info

About Us

Founding Story

Support

Careers

305-503-2899

sai.info@scrivas.com

solutions@scrivas.com

hiring@scrivas.com

Terms & Conditions

The SAI by Scrivas Newsletter

Sign-up for practical guidance on ambient AI in clinical practice, plus the latest from SAI by Scrivas.

SAI — the AI medical scribe by Scrivas.

Physician-built, trained on 14 years of real clinical documentation. Live on your EHR from day one.

Compliance

Company Info

About Us

Founding Story

Support

Careers

305-503-2899

sai.info@scrivas.com

solutions@scrivas.com

hiring@scrivas.com

Terms & Conditions

lorem

Your Patients’ Data Is Safe With SAI.

HIPAA Compliant

SOC 2 Type II

AES-256 Encrypted

AWS US Infrastructure

Medical Scribes Specialties

HIPAA Compliant

SOC 2 Type II

AES-256 Encrypted

AWS US Infrastructure

Your Patients’ Data Is Safe With SAI.

HIPAA Compliant

SOC 2 Type II

AES-256 Encrypted

AWS US Infrastructure

SAI Does Not Store Patient Audio

SAI Does Not Store Patient Audio

SAI Does Not Store Patient Audio

HIPAA Compliance

HIPAA Compliance

Business Associate Agreement (BAA) provided to every customer at no additional cost

Minimum necessary principle applied to all data access and processing

Only the clinical note and transcript are retained after encounter completion

HIPAA Breach Notification Rule compliance -- customers notified within required timeframes

24/7 security monitoring

Data Security

Encryption

Your Data Does Not Train Our AI.

Your Data Does Not Train Our AI.

Data Retentionand Deletion

Audio: deleted automatically upon note completion

Transcripts and notes: retained per customer-defined retention window

Customer can request immediate deletion of their data at any time

On cancellation: data accessible for 90 days, then permanently deleted

Certifications and Audits

Certifications and Audits

SOC 2 Type II certified

Annual third-party penetration testing

Vulnerability disclosure program

Security was the first requirement, not an afterthought.

"

Security was the first requirement, not an afterthought.

"

Security was the first requirement, not an afterthought.

"

Security Documentation

Security Documentation

Frequently Asked Questions

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

Frequently Asked Questions

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

Frequently Asked Questions

Does SAI store patient audio?

Is SAI HIPAA compliant?

Can I get a BAA?

Is patient data used to train AI models?

Where is my data hosted?

What happens to my data if I cancel?

Is SAI SOC 2 certified?

Questions About Security or Compliance?

Bring a real visit. We'll show you the note.

The SAI by Scrivas Newsletter

The SAI by Scrivas Newsletter

The SAI by Scrivas Newsletter

Data Retention
and Deletion