At Lyrebird Health, the transcription process – converting speech into text – is performed exclusively within the UK. This localisation policy is critical to our data security framework. By confining transcription activities within our national boundaries, we effectively eliminate the risks associated with international data transfers. This procedure not only ensures compliance with domestic data protection laws but also reinforces our commitment to patient privacy.
Post-transcription, we promptly eliminate the original audio files from our servers. This protocol drastically minimises the window of vulnerability that could otherwise be exploited by unauthorised entities. By doing so, we ensure that sensitive audio data does not linger unnecessarily in our systems, significantly reducing the potential for unintended data breaches. This process is akin to maintaining a lean data footprint, whereby we handle only the necessary data and dispose of it securely and promptly.
Our commitment to privacy is further exemplified by the use of a specialised redaction algorithm. This algorithm scans the transcriptions, identifies, and removes any sensitive identifiable information before these documents are sent to our AI model. By ensuring that our AI only processes non-identifiable health information, we maintain a strict separation between the personal data and medical information, preserving patient anonymity.
Lyrebird Health implements robust encryption protocols, acting as an additional layer of security for patient data. This method involves transforming the information into an unreadable format, decipherable only by authorised entities possessing the correct 'key.' Thus, both during data transit - when data is being moved from one place to another - and data at rest - when it is stored on our servers - your information remains secure and inaccessible to potential malicious actors.
Lyrebird Health operates on a need-to-know principle regarding data access. Strict access control measures are put in place to ensure that only the concerned clinician can access the patient data. This further limits potential points of data exposure, thereby enhancing the overall security of your personal health information.
Our data retention policy complements our other security measures, striking a balance between clinician access needs and patient privacy. By default, all patient notes are deleted from our servers after seven days. However, if clinicians require extended access, they can opt to keep the data for a maximum of six months. Beyond this period, the data is irretrievably erased, helping to limit the accumulation of patient information on our servers.
Lyrebird Health employs a multi-faceted approach to data security, integrating stringent data handling protocols, advanced encryption methods, and robust access controls. Our commitment to ensuring patient information safety is unwavering. If you would like to get in contact with us, please reach out here.