SyncSOAP
Log In

Security & Compliance

Last updated: April 4, 2026

SyncSOAP is designed for privacy-conscious clinical documentation workflows. This page summarizes the technical and operational safeguards built into the product at a high level. It is provided for general informational purposes and does not replace customer-specific legal, compliance, or security review.

1. Workflow model

  • SyncSOAP generates draft clinical documentation from encounter audio, transcript text, and optional clinical images.
  • The clinician remains responsible for reviewing, editing, and approving the final note before it is used in the official chart.
  • The current product is optimized for a copy/paste workflow into the customer's existing EHR system.

2. Data protection controls

  • Data in transit is protected with TLS / HTTPS.
  • Application access is authenticated and restricted to authorized users.
  • Object storage access uses signed or otherwise authenticated access patterns rather than public file exposure.
  • Audit logging is used for important workflow and access events.
  • Environment flags are used to gate sensitive workflows and approved AI-processing paths.

3. Cloud services and subprocessors

SyncSOAP may rely on multiple cloud and software providers for hosting, authentication, database operations, object storage, email delivery, transcription, language-model drafting, and image analysis. Depending on the configured environment, different approved providers may handle different parts of the workflow.

Customers should confirm that each production subprocessor used in their deployment is acceptable for the intended workload and, where required, covered by the appropriate contractual terms or business associate arrangements.

4. Retention and export workflow

SyncSOAP is designed around short-term operational storage rather than long-term chart custody. Users should review and export or copy the final note into the official EHR record within the configured retention window.

5. Shared responsibility

  • SyncSOAP is responsible for the application controls implemented in the deployed product.
  • Customers are responsible for user provisioning, device practices, local operational procedures, downstream EHR handling, and verifying that the final production configuration matches their compliance requirements.
  • Customers should perform their own legal and compliance review before using the Service with regulated data in production.

6. Questions

If you need deployment-specific security or compliance details, please contact the application administrator before production use.