
Building Privacy-First AI for Healthcare: What Actually Convinced Me

ActiveScribe Team

Notes from one of our early pilot physicians, edited and published with permission. — The ActiveScribe Team

When the first AI scribe vendors started showing up at conferences, I did what most of my colleagues did: I nodded politely, took the brochure, and threw it away in the parking lot. I'd been a family doctor in Ontario for eleven years. I'd watched OHIP fax machines outlive three EMR migrations. I was not about to hand a recording of my patient's mental health crisis to a Silicon Valley startup whose privacy page had a typo in the word "encryption."

What changed for me wasn't a sales pitch. It was a checklist.

I sat down one weekend and wrote out, in plain English, the questions I would need answered before I'd let any tool listen to one of my visits. Not the marketing questions ("Is it secure?") — the ones where the answer is either a specific technical fact or a stalling tactic. I want to walk through that checklist here, and what I learned from going through it with the team building ActiveScribe.

Where, exactly, does the audio go?

This is the first question, and most vendors get visibly uncomfortable. The honest answer for ActiveScribe: when I hit record in my browser, the audio is captured at 48kHz, downsampled to 16kHz on my device, and streamed over an encrypted WebSocket to their backend in AWS ca-central-1 — Montreal. From there it's handed to Deepgram (their speech-to-text vendor) for transcription, and the resulting text goes to AWS Bedrock running Anthropic's Claude models for the note generation.

The thing that mattered to me here wasn't that they used cloud — it's that they could tell me which cloud, in which region, run by which company, doing which step. Vendors who can't draw you that diagram on a napkin shouldn't be touching patient data.

What gets kept, and what gets thrown away?

This is where ActiveScribe answered a question I didn't even know I should ask. Their contract with Deepgram has a zero data retention clause: the audio I send them doesn't get stored, doesn't get used to train anyone's model, and doesn't outlive the API call that produced the transcript. The AWS Bedrock side is the same — Anthropic's models on Bedrock don't train on inference data.

The audio file itself, on the ActiveScribe side, is encrypted on my device with AES-256 before it ever leaves my browser, and the key is wrapped with their KMS keys in AWS. The transcript and the note get stored in their database with field-level encryption — not row-level, not table-level, field-level, on every column that contains patient information.

I asked them what happens if a developer at their company runs SELECT * FROM encounters. The answer is "they get back ciphertext." That's the right answer.

Can I actually see who touched my data?

The audit log is the test that filters serious vendors from the rest. Every action against an encounter — view, edit, export, delete — is logged with the user ID, timestamp, and action type. As a clinician, I can pull that history for any note. As a regulator, I could (in principle) ask the same questions and get the same answers.

What I cared about wasn't that the audit log existed in a brochure. It was that I could see it.

The "no training" promise

Every AI vendor right now promises they won't train on your data. The promise is worth exactly as much as the contract behind it. ActiveScribe's promise is enforced two ways: the BAA with Deepgram (zero retention, no training), and the BAA-eligible Bedrock model invocation (no training on inference data). There is no scenario in their architecture where my patient's audio ends up in someone's next-generation model. That's not a marketing claim — it's a contractual one, and I asked to see the relevant clauses before I signed up.

What I still don't get (and that's okay)

I'm a doctor, not a security engineer. There are parts of this stack I'll never fully understand — KMS envelope encryption, Redis stream consumers, IAM-authenticated database proxies. I don't need to understand them. What I need is for the team building the tool to be able to explain them to someone who does understand them, and to back the explanations up with real configuration files I could ask a third party to audit.

The team building ActiveScribe is ISO/IEC 27001:2022 certified, which means independent auditors have done exactly that. That doesn't make the tool perfect. It does mean it's not a guy with a credit card and a Vercel account.

What I'd tell another physician

Don't ask vendors if they're "secure." Ask them where the audio goes, what gets kept, who has access, and how you'd find out if something went wrong. The answers should be specific and they should fit on a single sheet of paper. If a vendor can't tell you exactly which subprocessors touch your patient's voice, walk away.

I'm not paid to write this. I'm a family physician in a province where my regulatory college can suspend my license if I get this wrong. I picked the tool whose engineers were willing to sit on a call and answer the boring questions.

Have your own checklist?

We'll answer it. Join the waitlist and our engineering team will set up a call to walk you through our architecture in detail.
