Oath Trust Center

Everything you need to know about security and compliance at Oath

Security Contact: security@oath.med

What You Get with Oath

How We Guard Your Data

  • Privacy first: You own your patient notes and outputs. We only use them to run and improve the service for your organization.
  • Locked down by design: Data stays encrypted in transit and at rest, hosted in US data centers. Real-time audio is never stored; it is only processed in real time for transcription.
  • People controls: Every team member completes security training, signs confidentiality agreements, and has the minimum access needed. Offboarding removes access immediately.
  • HIPAA-compliant safeguards: We track 90+ security controls using HIPAA and SOC 2 frameworks.
  • Always-on monitoring: Backups run automatically, recovery drills are tested, and app firewalls block common attack paths before they reach you.
  • Vendor transparency: US-based infrastructure and vetted subprocessors keep PHI in the United States with equivalent HIPAA-compliant safeguards for anyone who touches it.
  • Independent testing: Penetration testing is performed annually to validate our security controls.

What We Ask of You

  • Let patients know when you capture audio and follow your organization’s consent policies.
  • Trust but verify Oath's AI-generated content, reviewing it before signing clinical documentation or submitting claims.
  • Keep your login secure (no shared seats) and reach out if you notice suspicious activity.
  • Avoid uploading highly regulated data outside HIPAA scope (payment cards, 42 CFR Part 2 data) without written clearance from us.

Need Help or Security Support?

We’re here to make sure your clinical data stays protected while you care for patients. If you need anything else, just ask.