PHI redaction and privacy

PHI redaction and privacy

Overview

Mediyn’s PHI-redaction and data-protection features give therapists and clinic administrators control over how patient-identifying information is handled across documentation, transcripts, uploaded files, and patient-facing portals. Policies and access controls are enforced consistently across devices and sessions without requiring manual setup by clinic staff. The sections below describe each area of protection and how to use it.

---

Role-Based PHI Masking

• Sensitive patient fields — including full names and contact details — are hidden by default in the interface. Authorized roles can reveal masked information only after completing the required verification step.
• Masking is enforced from the backend and applies consistently across all devices and sessions without requiring configuration by clinic administrators.
• Therapist accounts display only the patients assigned to them. Clinic administrators retain full visibility across all patients.

---

Redaction Policies Configuration

• The Redaction Policies status badge on the Compliance settings page reflects your clinic’s current configuration.
• If no redaction policies have been set up, the badge shows Not configured in gray.
• Once at least one policy is added, the badge switches to the green Active indicator.

---

PHI Detection in Worksheets and Documentation

• Worksheet drafts that previously showed a false PHI warning on a template title or section header now open in a ready state without requiring acknowledgement. Affected drafts were automatically corrected; no action is needed from clinicians or clinic staff.
• Worksheet review no longer flags clinical technique names, therapy modality names, or product names. Detection of actual patient-identifying information is unchanged.
• When reviewing a document for potential identifying information before finalisation, warnings can be acknowledged on a field-by-field basis. Dismissing a warning on one field does not affect the same warning type appearing on other fields. Existing workflows that dismiss all warnings of a given type in one action continue to work without changes.
• When overriding a soft warning during documentation or worksheet workflows, therapists are prompted to provide a rationale for the override. This reason is saved alongside the acknowledgement and is available in the practice’s audit record.

---

Transcript Redaction

• Transcripts generated from audio sessions and telehealth calls use a dedicated token for named individuals mentioned in the session — such as family members, friends, and colleagues — keeping them clearly separate from the token reserved for the patient.
• This distinction improves the readability and clinical accuracy of redacted transcript text visible in notes and session records.

---

On-Device Processing for Session Notes

• After a session recording, notes, transcripts, and clinical insights are generated on your device before anything is sent to Mediyn’s servers, keeping identifiable information local.
• In the rare event that on-device processing is unavailable, the app falls back to a secure encrypted upload that is automatically deleted from Mediyn’s servers once session notes are ready.
• All session documents show whether they were generated on your device or by Mediyn’s backend.

---

Audio Upload Handling

• Audio uploads are processed entirely through the Mediyn backend. No cloud storage addresses, file paths, or infrastructure details are sent to your browser or device.
• Error messages during upload are concise and do not contain any internal system information.

---

Document Visibility and Sharing

• Documents uploaded to a patient’s record default to private and do not appear in the patient portal until explicitly shared.
• Therapists and clinic admins can mark any document as Share with patient or revert it to private at any time from the document detail view. The patient portal updates immediately.
• Any description entered when uploading a document is saved and displayed alongside the file. Patients can also see who shared each document in their portal.
• All document downloads are recorded in the platform’s audit log.

---

Document Malware Scanning

• Uploaded documents are scanned for malware before they are made available for preview or download.
• After upload completes, a document briefly shows a pending status while the scan runs, then updates to reflect the scan result.
• Files shared within your practice have been verified before anyone accesses them.

---

Patient Data Exports

• If a patient data export is interrupted — for example, during a scheduled system update — it automatically shows a failed status with a message prompting you to retry, rather than remaining stuck in a processing state indefinitely.
• You can re-submit the export request and receive your file normally. No action is required for exports that complete successfully.

---

Patient Record Archiving and Restoration

• When a patient record is archived and later restored, Mediyn automatically reinstates the patient’s contact email and portal invitation status, provided the email address has not been claimed by another patient in the interim.
• If the email cannot be reinstated, the record is still restored to active status and a clear warning is shown so the details can be updated manually.
• The restore action returns confirmation of exactly what was recovered.

---

Consent Form Recording

• Consent forms included in automatically sent intake packets are fully recorded when a patient signs them. Signed copies are generated and stored, and the consent history visible to clinic staff accurately reflects the patient’s signature.
• Consents that were signed before this correction was applied have been retroactively recorded.