NovoNote Security & Compliance
At NovoNote, protecting patient data and ensuring compliance with security and privacy standards are our top priorities. Our AI-powered platform is HIPAA compliant and adheres to Australian Privacy Principles. Built to meet the highest standards of privacy and security, we give clinicians the peace of mind to focus on patient care while we safeguard your technology.
Downloadable Resources
The NovoNote Taker Consent Form provides transparency about how your sessions are documented. It outlines how NovoNote converts session audio into clinical summaries, ensures no audio is stored, and complies with industry standards such as HIPAA, AHPRA and APP.
The NovoNote Fact Sheet is designed to give clients a clear understanding of how NovoNote supports clinical documentation. It explains the purpose of the tool, how consent is managed, and reassures patients that their privacy is protected. Clinicians can provide this fact sheet to clients to foster transparency and trust.
Security Protocols and Compliance
Industry-Leading Compliance Standards
NovoNote is compliant with HIPAA, AHPRA, and the Australian Privacy Principles (APP), ensuring that all personal and patient data is handled with transparency and care. Read our Privacy Policy here.
Data Encryption and Protection
All data is encrypted both in transit (TLS 1.2 or higher) and at rest (AES-256 encryption). Our security protocols ensure that no unauthorised individuals can access your sensitive information. Read about our security protocols here.
Role-Based Access Control (RBAC)
Clinicians can set up role-based access controls, so team members only access the data and functions they need, ensuring patient confidentiality and operational efficiency.
Secure Cloud Infrastructure
NovoNote operates on secure servers located in Australia that meet ISO 27001 and SOC 2 Type II standards. All data is stored safely, and automatic backups ensure it remains protected even in unforeseen circumstances.
No Data Used for AI Model Training
We use established Large Language Models (LLMs) and have data processing agreements that ensures data is not used for secondary purposes. Personally identifiable information is redacted to ensure LLMs never have access to identifiable information.
No Audio Recordings Saved
Audio recordings are never saved. Rather, audio is immediately converted into a redacted text based transcript. Only the session summary is retained as part of the patient’s file, and our default settings are for transcripts to be deleted after use.
Consent and Patient Transparency
Clinicians gaining consent from your patients is an important part of the compliance process. Verbal consent is a must, and we also provide fact sheets, explanatory statements and consent form templates.
Secure Since 2012
NovoNote is created by NovoPsych, a software service founded in 2012, trusted by over 75,000 clinicians. We’ve spent more than a decade investing in our security protocols and have never had a data breach.
We service industry leading organisations including contracts with hospitals, state health services, defence, federal police, universities and the department of health. Security and compliance has often played a key role in securing these industry contracts.
Your Security Questions Answered
Q: Where is data stored?
A: Session notes and transcripts are stored on our servers located in Australia, administered by AWS. Audio recordings are never stored.
Q: Is NovoNote compliant with industry standards?
A: Yes, NovoNote complies with HIPAA (the USA standard), AHPRA, and the Australian Privacy Principles (APP), and meets global gold standards for data encryption and security.
Q: What happens to the audio recordings of sessions?
A: The audio is only used to generate a transcript for creating a clinical summary. Once the summary is saved, the transcript is deleted, and no audio is retained.
Q: Can patients opt out of using NovoNote?
A: Absolutely. Clinicians are required to obtain patient consent before using NovoNote, and patients can withdraw consent at any time.
Q: Is my data used to train AI?
A: No. Your data is not used by us or any third party LLM to train AI models.
Q: Is my information shared with third parties?
A: When using third party LLMs to process data they receive de-identified information by default, meaning no personally identifiable information is shared. We have data processing agreements in place which ensures these data processors only process data in the service of you, with no secondary use. This contractual measure helps maintain the integrity and confidentiality of your data while enabling us to provide enhanced functionality through external services.
Q: How long has NovoPsych been operating?
A: NovoPsych has been protecting patient data since it was founded in 2012. In this time we have never had a data breach and have continually invested in enhancing our security.
Q: Is NovoNote HIPAA compliant?
A: NovoNote by NovoPsych is HIPAA compliant. A Business Associate Agreement is available to all USA customers on a Pro plan.
Have Questions About Security?
For more information about our security practices, email us at [email protected]
Ready to Start Using NovoNote for Free?
NovoNote is free. Let NovoNote securely write your notes so can spend your time on patients, not paperwork. Transform your clinical practice and save valuable time with NovoNote by NovoPsych.