Security at Stream
Stream handles protected health information every day, and we treat that as the core responsibility of the product. This page summarizes our security practices in plain language. For contractual terms, see our Business Associate Agreement, Privacy Policy, and Terms of Service.
Encryption
All data is encrypted at rest and in transit. Connections to Stream use TLS, and stored data — recordings, transcripts, notes, and chart content — is encrypted on disk.
Audit controls and access logging
Audit controls and access logging are in place across the platform. Access to patient data is logged, and internal access is restricted to what is required to operate and support the service.
HIPAA compliance and BAA
Stream is fully HIPAA compliant, and we sign a Business Associate Agreement (BAA) with every subscriber — on every plan, including trials. There is no minimum seat count or enterprise tier required.
Your data is never used to train models
We never train our models on your patient data. Your recordings, transcripts, and notes are used to deliver the service to you — not to build training datasets.
Security questionnaires
Evaluating Stream for your practice or health system and need a completed security questionnaire or more detail on our practices? Contact us and we'll work through it with your team.