Security & Trust

Built for clinical work. The provider stays in command.

ZScribe is designed for the careful reader. The AI prepares the work. The clinician reviews and signs. Patient data is treated as patient data. Encrypted, scoped, and never inside a text message.

Honest posture. See the compliance section below.

The clinical boundary

AI prepares the work. Providers review and sign. The clinician is always the final authority.

  • AI drafts, never decides

    Every note, summary, and suggestion arrives as a draft. The clinician edits and signs. Nothing autoposts to the chart.

  • Sign-off is the line

    Until a provider signs, nothing in the chart is final. Sign-off is the boundary between machine work and clinical record.

  • Audit trail per action

    Every edit, every override, every sign-off is recorded. Who, when, and what changed. Reviewable on demand.

Patient data

Patient data, treated as patient data.

  • PHI never in SMS

    Patient notifications carry a link to a secure context, never the chart contents themselves. Same for email previews.

  • Tenant isolation

    Each clinic's data lives in its own logical boundary. There is no shared bucket of records across customers.

  • Encryption in transit and at rest

    Standard TLS in transit, AES-256 at rest. Keys are scoped to the tenant.

  • De-identified demo data only

    Every screenshot and clip on this site uses a fictional clinic, fictional patients, and synthetic identifiers. Real records are never used in marketing.

Access & audit

Who saw what, when. On the record.

Access is scoped to the role and the workflow. Every action against a chart is recorded, so the audit answers itself.

  • Role-based access

    Front desk, clinician, admin. Each role sees only what it needs. Custom roles are configurable per clinic.

  • Audit trail per chart action

    Every read, edit, and sign-off is timestamped and attributed. A complete record of who saw what, when.

  • Sign-off provenance

    Notes carry the signing clinician, the time of sign-off, and the version of the draft that was reviewed.

Compliance posture

Designed to meet the standards that matter. Honestly tagged.

We'd rather show the direction than overclaim what we hold today. Each item below states our current posture and the work in progress. Nothing here implies a certification we don't have.

  • HIPAA
    Posture: Designed to meet. Stage: In build.

    Architected against HIPAA's Security, Privacy, and Breach Notification rules. Formal review and BAAs in progress.

  • SOC 2 (Type II)
    Posture: Aligned with, audit in progress. Stage: Roadmap.

    Controls modeled on the SOC 2 Trust Services Criteria. Formal Type II report is on the roadmap.

  • ONC (HTI-1)
    Posture: Designed to meet. Stage: Roadmap.

    Building against the current ONC certification criteria for clinical software. Certification on the roadmap.

  • HITRUST
    Posture: On the roadmap. Stage: Roadmap.

    HITRUST CSF certification is planned. Until then, the underlying controls are designed against the framework.

We share evidence, current controls, and the state of each audit during a private walkthrough. Bring your security questionnaire.

Talk to us about your requirements

Early access for partners & clinics

Help shape the EHR clinicians actually want

We're building ZScribe hands-on with early clinics and partners. Bring your workflow and your constraints into the room.

A private walkthrough with the team. No spam, no hard sell.