Compliance Centre
Do your own assessment, with a running start
Practical, Canada-first resources to help you and your privacy advisor assess DirectScribe under PIPEDA and your province's health-privacy law (in Ontario, PHIPA). We do not market against US HIPAA.
Not legal advice
Everything in the Compliance Centre is general information to support your own privacy assessment. It is not legal advice, is not a substitute for your professional college's guidance or a privacy lawyer, and does not create any professional relationship. You remain the health-information custodian responsible for your patients' data.
Start here
PIA template
A Privacy Impact Assessment template aligned to Ontario IPC AI-scribe guidance (January 2026), with DirectScribe-specific prompts to fill in.
Patient consent
Sample patient-notice wording plus a clinic-responsibility checklist — FileVault, network protection, and signed vendor agreements.
Security design
How the app handles data, deletion honesty, the audit log's real scope, and the one network call it makes.
Template guide
Author your own note templates with plain-language placeholder conventions and ALL-CAPS headings.
How the design maps to common assessment questions
| Assessment question | How DirectScribe is designed |
|---|---|
| Who receives PHI? | Only the transcription and intelligence vendors you choose. There is no DirectScribe server in the path. |
| Is the patient recorded? | No. Only the physician's voice is recorded for dictation; it is not an ambient scribe. |
| Where are credentials stored? | API keys are held in the macOS Keychain, protected by your login and FileVault. |
| How long is data kept? | On your retention window (7/30/90 days) plus a session-end delete. Deletion is logged. |
| Can you evidence data flows? | Yes — a PHI-free, tamper-evident audit log records every transmission and deletion. |
| Is there vendor lock-in? | No. Bring your own keys; switch vendors; run note-shaping locally with LM Studio. |
About the audit log, so no one over-claims
DirectScribe's audit log is a transmission-and-deletion transparency record. It is explicitly not a PHIPA s.10.1 access-audit log: that section is enacted but not yet in force, and it concerns logging who views a patient's record. The app logs sends and deletes, not PHI access — and your EMR remains the system of record for the clinical note and its access history. The log helps you evidence where data went and when it was removed; it does not, by itself, satisfy any regulatory audit obligation.