Security & Compliance

At Commure, we believe that the power of artificial intelligence can transform healthcare for the better. However, we also recognize that this power comes with a profound responsibility. Our commitment to our clients is built on a foundation of trust, transparency, and the unwavering protection of patient and provider data. This philosophy guides every aspect of our AI development, from ethical design to principled data management. Athelas Scribe is built with security, privacy, and compliance at its core. We offer a robust suite of security features to safeguard patient data and give providers full control over access, retention, and authentication.

Authentication & Access

  • Face ID (iOS) Use Face ID to quickly and securely log in to the Athelas Scribe mobile app without typing a password.
  • Multi-Factor Authentication (MFA) Add an extra layer of protection by enabling MFA. After entering your password, you’ll be prompted to verify your identity with a secure 6-digit code sent to your email.
  • Auto Logout Sessions automatically time out after a period of inactivity, reducing the risk of unauthorized access on unattended devices.
  • Single Sign-On (SSO) SSO is supported for organizations that want to simplify secure logins using identity providers like Okta or Azure AD.
  • SCIM Integration Automate user provisioning and deprovisioning via SCIM (System for Cross-domain Identity Management), ensuring your staff roster stays in sync with your identity provider.

Retention & Data Lifecycle

Admins and users can control how long data is retained across different categories:
  • Transcripts Automatically delete text transcripts after a set period (e.g., 30, 60, or 90 days).
  • Audio Recordings Choose to store or auto-delete recordings after transcription to reduce storage risk.
  • Notes Set rules for how long clinical notes are stored in the system, aligning with your org’s compliance standards.
🔧 These retention settings can be configured in the Preferences panel under Data Management.

Compliance Standards

Athelas Scribe is compliant with industry-standard frameworks, including:
  • HIPAA (Health Insurance Portability and Accountability Act) Ensuring the confidentiality, integrity, and availability of protected health information (PHI).
  • SOC 2 Type II Demonstrating operational excellence and data security practices through rigorous third-party auditing.