At Tripletime, the trust of our users is fundamental to everything we do. We understand that when you choose to use our platform, you need to rely on a partner that treats privacy and security as their highest priority. We work tirelessly to ensure your information is handled with care and protected with the latest technology.

Tripletime strives to be fully compliant with the the leading standards of personal health regulations. That's why our product aims to be compliant with the following standards:

• GDPR
• HIPAA
• PIPEDA
• APP
• NHS Compliant

How does Tripletime work?

Tripletime combines ambient listening, dictation, and smart object content recognition all in one secure desktop application to automatically generate a clinical note of any encounter.

The aim of combining all of these technologies in one easy to use toolkit is to create a world-class solution that reduces the burden of clinical documentation.

We’ve put this page together to show you how our data is captured, stored and processed when a clinician uses Tripletime.

What measures have we taken?

No audio recordings are stored.

When you’re dictating or using Tripletime to listen ambiently to a conversation the recording itself is not stored or distributed in any way. The audio is sent to a combination of Deepgram and Anthropic which use it to generate your clinical note. For both of these providers we use APIs that prevent the storage of the recordings so that they are deleted automatically once transcribed into text. That means that no audio file will exist after the text has been generated.

Encryption and restricted access

Your clinical note and any source material used to generate it (eg transcribed text, snips or documents) are stored in an encrypted and HIPAA compliant AWS cloud. AWS has implemented strict safeguards and encryption to comply with all relevant regulations and is trusted by a large number of medical providers for their information storage needs.

Your notes and source material are accessible to you as the account owner but are not accessible by anyone at Tripletime or other account owners. By default we cannot access any of this information.

Temporary storage

To further strengthen our safeguards your notes and source material will be permanently deleted after 30 days. We’ve implemented this safeguard to further ensure that any risks are well mitigated, even though we are using market-leading providers for our services.

Providers

We have also partnered with the very best providers for the various systems that we use, all of which employ the highest standards of compliance and security. For each of these we have BAAs in place to ensure that net zero data retention is in place and that the digital footprint that is created is kept to the minimum required by medical regulations.

To provide maximum transparency, the following are our primary service providers:

• Amazon Web Services - we use AWS as our cloud provider. AWS supports 143 security standards and compliance certifications, including HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171. A BAA is in place with AWS.
• Anthropic - we use Anthropic as one of our main LLMs. Its LLM is both SOC 2 Type 1 and Type 2 compliant and configured for HIPAA compliance. A BAA is in place with Anthropic.
• Deepgram - we use Deepgram for some of our audio transcription services. Deepgram is SOC 2 Type 2 compliant and configured for HIPAA compliance. A BAA is in place with Deepgram.