AirNote is designed to support HIPAA-compliant use for eligible US healthcare customers when used under a Business Associate Agreement (BAA) and as part of an appropriately managed clinical practice.

HIPAA compliance is a shared responsibility. AirNote provides safeguards for handling protected health information, while therapists remain responsible for matters such as client consent, device security, record-retention policies and appropriate disclosure.

How AirNote protects client information

AirNote was designed around the sensitivity of therapy records, with privacy considered throughout the documentation workflow.

BAA-backed use

When a service processes protected health information on behalf of a HIPAA-covered therapist or practice, a written Business Associate Agreement establishes how that information may be used and safeguarded. AirNote supports BAA-backed workflows—providing a compliant BAA—for eligible US healthcare customers.  

Raw audio is transcribed on the therapist’s Mac

A therapy recording may contain far more sensitive material than the final note: the client’s voice, emotional tone, pauses, names and personal disclosures.

AirNote therefore transcribes session audio directly on the therapist’s Mac rather than uploading it for cloud transcription. Raw audio is deleted after successful transcription under AirNote’s retention process and is excluded from Cloud Sync.

Clinical records are securely synchronised

Transcripts, notes, documents, formulations and related client records can be protected through encrypted Cloud Storage. Information is encrypted while being transmitted and while stored, with access tied to the therapist’s authenticated account.

Raw session audio is not included in the synced clinical record.

AI processing is deliberate and limited

AirNote does not continuously send client information to an AI system.

Relevant text is processed only when the therapist requests a function such as generating a Clinical Note, Process Note, formulation, document or Ask AirNote response. The raw recording is not sent as part of these requests.

Generated material returns as a draft. Nothing is automatically added to an EHR, emailed to a client or shared with another professional. The therapist reviews and controls every output.

Clinical information is not treated as advertising data

AirNote does not sell personal data or use clinical material for advertising. Identifiable clinical content is not used to train general-purpose AI models.

Product analytics are designed to measure reliability and feature use without collecting transcripts, notes, client names or other clinical free text.

Does using AirNote automatically make a practice HIPAA compliant?

No software can make an entire practice compliant on its own.

Therapists must still:

• Obtain appropriate consent for recording and AI-assisted documentation.

• Secure their Mac and AirNote account.

• Review AI-generated drafts before relying on them.

• Manage staff access appropriately.

• Follow applicable retention and deletion requirements.

• Protect records after exporting, emailing or copying them elsewhere.

HIPAA requires covered organisations and their business associates to use appropriate administrative, physical and technical safeguards for electronic protected health information.   AirNote provides a platform designed to support those responsibilities, but the clinician remains responsible for how it is used within their practice.

The answer

AirNote supports HIPAA-compliant use for eligible US healthcare customers with the appropriate BAA and practice safeguards in place.

Its privacy architecture reduces unnecessary exposure of sensitive information: raw session audio remains on the therapist’s Mac for transcription, cloud records are encrypted, AI processing occurs only when requested, and generated material remains under the therapist’s control.

For AirNote, protecting client information is not simply a compliance requirement. It is part of respecting the trust on which therapy depends.