What It Is
Audio2Note is a powerful tool for healthcare professionals. It is designed for Internal Medicine and related subspecialties, but its design allows for easy expansion to other specialties in the future.
This software streamlines the clinical documentation process by allowing you to convert audio recordings from patient encounters into structured clinical notes directly within the patient’s chart.
What It Does
- Audio to Note: Upload an audio file of your patient encounter, and the software will automatically generate a custom Audio2Note SOAP Note or a History and Physical Note, complete with suggested ICD-10, CPT, and E/M codes.
- Chart Summarization: Quickly get up to speed on a patient by generating a summary of their three most recent clinical notes.
- Seamless Integration: The generated notes are automatically filed into the correct patient’s chart, even if you have moved on to other tasks.
Why Use Audio2Note?
- Physician-Led Development: The lead developer is an actively practicing physician who uses and improves the software and ensures it meets the real-world needs of clinicians.
- Reliable Data: The Artificial Intelligence models use custom datasets that are produced only from peer-reviewed sources.
- Privacy-Focused: We prioritize the security of your patients’ data.
- We use only self-hosted software, including small-scale Artificial Intelligence models (unlike large-scale enterprise models such as Gemini, ChatGPT, and so on). This means that your information does not leave our servers and is not shared with anyone.
- For detailed information on our security practices and HIPAA compliance, please see our SECURITY.html file.
- Secure by Design: All sensitive configuration data, such as API and license keys, are protected with strong, industry-standard encryption (ChaCha20-Poly1305) and stored securely in your database.
- Not only do we use encryption and other methods to protect your information, but your Protected Health Information also stays on our servers only for as long as it takes to produce the note. It is then securely erased from our servers.
- Open and Extensible: The software is built on open-source software and is designed to be modular, allowing for the easy addition of new features.
- Simple and Powerful: Record the encounter, then upload the file, and you’re done. No need to wait for the process of producing a note to finish — just move on to your next patient. The note will be automatically populated in the appropriate chart.
Legal Disclaimer
This software is a clinical documentation aid and does not replace the professional judgment of a licensed caregiver. By using this software, you agree to the terms and conditions outlined in our Legal Disclaimer.
Information About Security
This document outlines the policies and procedures that Sun PC Solutions LLC has implemented to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Privacy and Data Handling
Audio2Note is designed to adhere to the principles of the HIPAA Privacy Rule.
- Data Flow: When a user uploads an audio file, it is transmitted securely over HTTPS to a designated third-party transcription and note generation service. The polling service then retrieves the text-based data and integrates it into the patient’s clinical record. The original audio file is not permanently stored; it is handled as a transient data element for the purpose of processing.
- Minimum Necessary: The software collects only the PHI required to fulfill its specific purpose. The only PHI disclosed to the external transcription service is the audio recording itself or, in case of note summarization, three previous encounter notes, along with a unique, non-identifying instance ID for licensing purposes. No patient demographic information (name, DOB, etc.) is transmitted.
Security Measures
The software’s security is built upon a combination of administrative, physical, and technical safeguards.
- Transmission Security: All communication between the software and the external transcription service is conducted over HTTPS, ensuring end-to-end encryption of data in transit.
- Data-at-Rest Encryption: Sensitive configuration data, specifically the license and API keys, are encrypted at rest in the audio2note_config database table using strong, industry-standard authenticated encryption (ChaCha20-Poly1305). The master encryption key is securely generated and stored in the database, ensuring it is unique to your instance.
- Access Control: The software is governed by your application’s built-in Role-Based Access Control (RBAC) system. A user’s ability to access the software’s features is determined by their existing permissions.
Audit Controls
The system provides a clear and auditable trail for every transaction. The form_audio_to_note table within the database serves as the primary internal audit log, linking every transaction to a specific patient, encounter, and user.
Business Associate Agreement (BAA)
A formal Business Associate Agreement (BAA) is required with the external transcription service, contractually obligating them to protect PHI in accordance with HIPAA. It is the responsibility of the Covered Entity deploying the software to ensure such an agreement is in place.
Information About HIPAA Compliance
Policies and Procedures
This document explains how Sun PC Solutions LLC protects your health information, following rules like HIPAA. These rules help ensure that your private health information, especially when using our Audio2Note software, is kept safe and private.
Privacy Policy
Audio2Note handles your audio recordings, which contain health information, in a safe way. When you upload an audio file using the “Audio to Note” form, it is sent securely to a specialized service that transcribes speech into text and helps create clinical notes. This process enables the software’s functionality. The software then integrates this text into your patient record. The original audio file is not permanently stored; it is used only for the duration of processing.
Minimum Necessary Documentation
Audio2Note collects, uses, and shares only the minimum amount of health information necessary for its intended purpose.
- Information Collected: For each audio recording, the system collects the audio file itself (containing health information) and identifiers that link it to the correct patient, visit, form, and user. This represents the least amount of information required to associate the audio with your record.
- Information Used: The audio file is used solely by the external service to create a text transcript and notes. The linking identifiers facilitate the placement of the finalized note into the appropriate patient’s chart.
- Information Shared: The only health information shared with the external transcription service is the audio recording itself, or, in cases of note summarization, previous notes. No personally identifiable information (such as your name or birthdate) is transmitted.
Records of Disclosures
The software maintains a record of when health information is shared.
- Internal Disclosure Log: A form within the database records each audio file submission, creating an auditable link between the initial audio submission and the resulting entry in the patient’s chart.
- External Disclosure Log: The external transcription service also maintains its own record, linking the job to the originating system.
Workforce Authorization Levels
Audio2Note leverages your existing access control system.
- Access Control: Your ability to create or view a patient’s clinical note directly determines your access to this software’s features for that patient. The software operates based on your pre-existing permissions.
Risk Analysis and Risk Management
Audio2Note is designed to reduce risks by limiting the exposure of health information. We maintain a Business Associate Agreement (BAA) with the transcription service.
- Risk Reduction:
  - Minimal Data Shared: Only the audio recording is shared with the external service, not your personal details, thereby reducing risk.
  - Leveraging Existing Security: The software utilizes your application’s robust security features, including user logins and access rules, rather than introducing new authentication mechanisms.
  - Service Security: The transcription service is contractually obligated to maintain the security of audio files, as stipulated in our BAA.
Security Policy
The software’s security incorporates a combination of administrative, physical, and technical safeguards, relying on your application’s inherent features and the software’s design.
- Administrative Safeguards: We maintain a formal Business Associate Agreement (BAA) with the external transcription service, legally obligating them to protect health information.
- Physical Safeguards: As a software product, its physical security is contingent upon the hosting environment of both your application and the transcription service.
- Technical Safeguards:
  - Secure Transmission: All data exchanged between your application and the transcription service is encrypted during transit, ensuring confidentiality.
  - Encrypted Data-at-Rest: Sensitive configuration settings, such as license and service keys, are encrypted when stored in the database, utilizing strong cryptographic methods for protection.
Access Control Policy
Audio2Note does not implement its own user or access management. It integrates with your application’s existing system.
- Permissions Inheritance: Your ability to use the “Audio to Note” form, upload audio, and view notes is directly controlled by your existing permissions. If you possess the necessary permissions to create or view a patient’s notes, you can utilize this software for that patient.
Audit Controls and Activity Reviews
The system maintains a clear record of every action, detailing when health information is shared and the progression of each transcription job.
- Internal Audit Log: The form_audio_to_note table within the database serves as the primary internal record. Each audio file submission generates a new entry, creating an auditable link between the transcription job and the patient, visit, and final note.
- External Audit Log: The external service also maintains a corresponding record, linking their job to the originating system.
Contingency Plans
The strategy for handling audio data in the event of an issue is dependent on the external service.
- Data Backup and Recovery: As audio files are not permanently retained, the external transcription service is responsible for backing up and recovering the audio health information, as stipulated in the BAA. The finalized text note, once generated, is stored within your application and falls under the healthcare organization’s own backup protocols.
HIPAA Security Official
Audio2Note does not designate its own security official. The healthcare organization utilizing the software bears overall responsibility for security, including the software’s usage.
Incident Response and Breach Notification
This section outlines procedures for addressing security incidents, such as health information breaches, in accordance with HIPAA regulations. It delineates responsibilities between the healthcare organization (as the Covered Entity) and the external transcription service (as the Business Associate).
Division of Responsibilities
- External Service (Business Associate): Pursuant to our Business Associate Agreement (BAA), the external service is obligated to maintain the security of all health information it handles. In the event of a security incident or breach on their end, they must promptly notify the healthcare organization, as per the BAA and HIPAA rules.
- Healthcare Organization (Covered Entity): The healthcare organization is responsible for its own response upon notification of an issue from the external service or discovery of an internal problem. They are ultimately responsible for determining if a breach of unsecured health information has occurred, assessing its scope, and notifying affected individuals, the government, and potentially the media.
Breach Investigation and Notification Process
Should the external service report a security incident, the healthcare organization’s HIPAA Security Official will initiate an investigation. Audio2Note assists by providing records to identify all affected individuals.
The investigation typically involves these steps:
- Information Gathering from External Service: The external service will provide details regarding the incident, including its timing and any unique identifiers for the affected data.
- Internal Record Review: The healthcare organization’s technical staff will examine the form_audio_to_note table in the database. This table serves as the primary record linking each transaction to a specific patient.
- Identification of Affected Individuals: Utilizing the identifiers provided by the external service, the healthcare organization can ascertain which patients’ information was involved.
- Response and Notification: With the list of affected patients, the healthcare organization can then fulfill its obligations under the Breach Notification Rule.
Proactive Incident Detection
In addition to responding to issues reported by the external service, the healthcare organization can also proactively monitor for potential security concerns. The software regularly communicates with the external service. Errors logged by this software—such as connectivity failures, anomalous responses, or persistent job processing issues—may indicate a security event at the external service and warrant investigation by the healthcare organization’s HIPAA Security Official.
Business Associate Agreements (BAAs)
Sun PC Solutions LLC may, in the future, need to expand to obtain additional computational resources. In such cases, a formal Business Associate Agreement (BAA) will be executed with any entity that handles health information. This agreement legally obligates them to protect the health information they process. It also outlines their responsibilities in the event of a security incident or breach, ensuring compliance with HIPAA rules. The healthcare organization utilizing the software is responsible for ensuring this agreement is in place.
Training Policy
All personnel within a healthcare organization utilizing Audio2Note who have access to health information must undergo regular HIPAA training. This training encompasses fundamental HIPAA regulations, the organization’s specific policies, and proper, secure usage of Audio2Note. Training will be provided upon hiring and annually thereafter, or more frequently if regulations or procedures change.
Training Records
The healthcare organization is required to maintain records of all HIPAA training completed by its staff. These records must document the training dates, content covered, and attendees. Such records must be retained for a minimum of six years and made available to the Department of Health and Human Services (HHS) upon request.
Sanctions Policy
The healthcare organization must establish and enforce appropriate penalties for staff members who fail to comply with its HIPAA policies or this documentation. The severity of the penalty will be commensurate with the violation and may range from warnings and additional training to employment termination and legal action, in accordance with the organization’s policies.
Record Retention
Sun PC Solutions LLC, and any healthcare organization utilizing Audio2Note, must retain all HIPAA-related documents for a minimum of six years from their creation date or last effective date. This includes, but is not limited to, policies, risk analyses, agreements, training records, and incident reports. All records will be maintained in a secure and readily accessible manner.