
HIPAA compliance for protected health information (PHI) FAQ

Commonly asked questions about how we handle user data for Leger's transcription and AI services

Updated over 2 months ago

How does Leger handle sensitive health information?

Leger is a HIPAA-compliant Business Associate with a zero-retention data policy in place for its AI API partners. We do not store transcriptions or AI usage data that involve personally identifiable health information.

Please see this article to learn more about HIPAA compliance.


Is Leger HIPAA-compliant?

Yes. Leger uses Auth0 for secure authentication and authorization, and we store all data in a Postgres database hosted by Supabase. Both of these services are HIPAA-ready, and we follow best practices to ensure all protected health information (PHI) is handled securely. We also have a special Business Associate Agreement (BAA) with OpenAI that allows us to maintain HIPAA compliance.

Who has access to the notes?

Only authorized personnel within your practice—those you grant the appropriate permissions—can view or edit patient notes. Leger’s team accesses customer data solely for support or troubleshooting purposes, and only with explicit permission when needed.


Can I edit or delete notes before they are saved?

Yes. You have full control over your dictated notes. You can review, edit, and finalize notes before saving them. You can also delete notes if required by your practice’s policies or patient requests.


What happens if a patient requests their data to be deleted?

Leger supports data deletion requests. In compliance with patient rights under HIPAA, you can delete a patient’s notes from the platform. Once deleted, the data is removed from active storage, and we only retain minimal metadata as needed for audit logs unless otherwise required by law.
