How Twofold Keeps Your Notes Safe (Without Ever Saving Audio)

In today's digital‑first clinical practice, efficient documentation must never come at the cost of patient privacy. The very tools that save time can create significant security risks if they retain sensitive audio recordings.

Twofold’s AI medical scribe is built on a foundational promise: to never save your audio. By permanently deleting recordings after processing, we uphold the highest standard of confidentiality by design. Explore the multi‑layered structure that ensures your clinical documentation is not only HIPAA‑compliant but trustworthy, allowing you to focus on care.

Why Note Security Matters More Than Ever in Clinical Workflows

The pressure to document efficiently is immense, but it cannot come at the cost of patient privacy. Healthcare remains one of the most breached sectors, with nearly 57 million individuals affected by data breaches in 2025. A single incident can trigger millions in fines, legal action, and irreversible reputational damage. The stakes are uniquely high for clinical documentation, and unlike billing codes or lab results, psychotherapy notes contain a patient’s deepest narratives, fears, and histories. Therefore, a breach here isn't just a data loss; it's a major violation of the therapeutic bond.

This makes security a core clinical and ethical duty. HIPAA provides the essential framework for this duty, mandating safeguards that align with ethical practice. Choosing a tool that embodies these principles is critical for modern clinicians.

The Privacy Risks of Audio Recording in Clinical Documentation

While capturing session audio seems efficient, it creates significant privacy liabilities that undermine both security and the therapeutic process. The core risks can be broken down as follows:

• Audio is Raw, Unfiltered PHI: An audio file is a complete, unredacted recording. It contains every spoken word, emotional inflection, and tangential, but deeply personal detail. This raw data is far more sensitive than a finalized, structured clinical note, which filters information to what is clinically relevant and necessary.
• It Creates a Liability: Unlike a note, which has a defined retention period, a stored audio file becomes a perpetual target. It must be encrypted, access-controlled, and managed indefinitely, vastly expanding your long-term data breach exposure and compliance overhead.
• It Introduces Ethical Gray Areas: Even with legal consent, the knowledge that a digital recording is being permanently archived can alter the therapeutic dynamic. Patients may self-censor, potentially hindering the openness required for effective treatment.

How Twofold Processes Conversations Without Storing Audio

This follows a “process to text, then delete” principle. Here is a simple breakdown of how this works.

• Step 1: Secure Real-Time Stream: Audio is instantly encrypted, while our AI models transcribe and analyze it.
• Step 2: Immediate Deletion: The raw audio data is permanently deleted from memory once the draft is created.
• Step 3: Text Only Output: The only saved item is the final, structured note draft.

How Twofold Keeps Clinical Notes Safe End to End

After the audio is deleted, your notes are protected by multiple, layered security controls.

• End-to-End Encryption: All data is secured in transit and at rest using TLS 1.2+ and AES-256 encryption, respectively.
• Compliant Infrastructure: Data is hosted on the compliant cloud provider Microsoft Azure, with strict physical and network security.

Data Access Controls and User Boundaries That Keep Notes Safe

Controlling who can see what information is just as important as encrypting it.

• Role-based Access Control: Permissions are segmented by job role.
  • A clinician can create and view all notes for their caseload.
  • A billing staff member can only see required codes and dates, not the clinical narrative text.
  • An admin can manage user accounts but cannot view clinical content.
  • This is especially critical for protecting sensitive psychotherapy notes, which receive a higher level of access restriction.
• Comprehensive Audit Trails: The system maintains a log that records every action.
  • Tracks exactly who accessed which note, when, and from where.
  • This is non-negotiable for HIPAA-compliant AI notes and provides transparency.

Compliance, Trust, and Security Standards Behind Safe Clinical Notes

Security is validated by independent standards and legal agreements, not just promises.

• HIPAA-Compliant Foundation: Our HIPAA compliant AI notes solution is built to handle Protected Health Information.
• The Business Associate Agreement: We sign a legally binding BAA with every customer. This contract formally outlines our responsibilities for safeguarding your patients' PHI, creating shared liability and trust.
• Beyond HIPAA: We will undergo a SOC 2 Type II audit. Unlike a point-in-time check, this third-party examination verifies that our security controls operate effectively over a sustained period (usually 6-12 months)

How Twofold Keeps Notes Safe by Design, Not by Retention

Twofold is built on the principle that the most secure data is the data you never store. This is why our system's core function is to delete audio immediately after processing. This Privacy by Design is not just a feature; it is our foundation.

By deleting the audio repository, the chances of potential breaches are dramatically lower. Clinicians and patients can engage more comfortably and openly, knowing that the conversation leaves no permanent digital record, allowing the focus to remain on care.

Conclusion

Secure clinical notes are not achieved by a single feature, but through a unified system built on a foundational principle: the greatest threat to data is the data you keep. Twofold thus keeps clinical notes safe through a layered security system with a no audio retention policy, end‑to‑end encryption, and administrative controls, which come together through a commitment to privacy by design. This system does more than meet compliance standards; it promotes the trust essential for effective care.