Enable Domain Capture to prevent unauthorized signups from your domain
Enable SAML-based SSO
Verify your Workspace's Domain
Data Integrity Controls
Disable Meeting Report Downloads
Adjust Report Distribution Settings to 'No Access' for Internal and External Participants
Disable Public Link Access and Domain Discovery
Disable distribution of Meeting Recaps, Pre-Reads, Topic Summaries, and Live Meeting Dashboard Links
HIPAA enforces host-only auto-join settings by default. Read will only auto-join meetings when the user is identified as the host.
If needed, users can manually add Read to a meeting from the Read calendar page.
Select appropriate Integrations available to your users at the Workspace level.
When HIPAA compliance is enabled, push integrations (Notion, HubSpot, Asana, Jira, Confluence, Salesforce, Microsoft Teams, and Linear) are turned off by default. The workspace owner or admins can choose to re-enable them in Workspace Settings if appropriate.
Data Retention
Data Retention settings can be configured under Workspace Settings > Settings > Advanced > Data Retention Policy. For instance, enabling a data retention policy of 30 days means that Read AI will automatically delete all Meeting Reports owned by your workspace after 30 days. Without a Data Retention period set, your Meeting Reports will be retained for as long as your Read AI account is active
Customer data is encrypted at rest using at least AES-256
Data is encrypted in transit with TLS 1.2 or greater.
Additional information and best practices
Your default workspace permissions will be customized to minimize the potential for improper sharing or viewing of electronic Protected Health Information (ePHI)
A Business Associates Agreement (BAA) is required to enable HIPAA support
Do not include ePHI in:
Meeting Titles
Calendar events/descriptions
Support tickets
Please note that Ada is not available for users in a HIPAA-compliant workspace.