
How Heidi protects your data

An overview of Heidi's data security, compliance and legal safeguards.

Updated today

Your patients' data security is at the core of everything we do. This article walks you through how Heidi keeps your data secure, and how you can talk to your patients about it with confidence.


Security and Compliance

Encryption

All data on the Heidi platform is encrypted end-to-end — both in transit and at rest. From the moment you open a session to the point your notes are transferred into your medical record, your data is protected at every step. Even in the unlikely event of unauthorised access to our infrastructure, encrypted data cannot be read.

Access controls

Nobody at Heidi can access your data without your express permission. If you require support from our team, you will be asked to provide explicit consent before anyone accesses your session data. Any access is logged and audited, so there is always a clear record of who has viewed what and when.

Independent certification

Heidi's systems are independently vetted and certified by third-party auditors — not just documented on paper, but verified as implemented across our entire organisation. Our credentials include ISO 27001, ISO 42001, and SOC2 compliance, and we meet regional regulatory requirements including HIPAA, GDPR, PIPEDA, and APP. You can view our full compliance credentials on our Trust Centre.

Deletion

At Heidi, deletion means deletion. When you delete a session, that data is permanently removed from our servers and cannot be recovered. Please ensure you have transferred any notes you need before deleting a session.


Getting patient consent

In practice, the vast majority of patients are comfortable with their clinician using Heidi. When seeking consent, there are four key points worth covering:

1. Why you're using Heidi

You're using Heidi to save time on documentation — which means less time at the keyboard and more time focused on the patient in front of you.

2. Is it safe and secure?

Heidi de-identifies and encrypts all data on the platform. Only you can see your sessions. Heidi does not use consultation data, session recordings, or generated notes to train its AI model in any way. Model training is handled entirely separately by a dedicated medical knowledge team.

3. Independently audited

Heidi's privacy and security processes are independently audited and verified. Credentials including ISO 27001, ISO 42001, and SOC2 compliance are available to view on our website.

4. Where is data stored?

Heidi operates local, private servers in every region it operates in. Region-specific information on server locations is available on our Trust Centre.

💡 Note: Consent processes should be in line with your clinic's own policies. Heidi does not enforce specific consent requirements — how you obtain and record consent remains your responsibility as the treating clinician.


Resources

Our Resource Centre includes downloadable patient explainer sheets, optional patient consent forms, and clinic assets to help you introduce Heidi to your patients and practice with confidence.

For further detail on Heidi's compliance credentials by region, visit our Trust Centre. If you have specific compliance questions about an enterprise deployment, reach out to our team at [email protected].
