Mental health data requires more than standard security controls.
HIPAA, SOC 2 Type II, and ISO/IEC 42001 certified. ISO/IEC 42001 is the international standard for AI management systems. Few AI scribes in behavioral health hold it.
Independently audited. Continuously monitored.
Why ISO/IEC 42001 matters.
ISO/IEC 42001 is the international standard for AI management systems: how an organization governs, monitors, and improves its AI products over time. It is rare in this category. Most AI scribes are HIPAA + SOC 2 only. We pursued 42001 because mental-health data is sensitive enough to deserve a layer above the minimum, and because procurement teams at hospital systems have started asking for it.
Clear PHI boundaries.
- Encrypted in transit and at rest (TLS 1.3, AES-256).
- No model training on customer PHI. Ever.
- Configurable retention. Recordings deleted on signature.
- SSO, SCIM provisioning, audit logs.
- US-hosted on infrastructure with HIPAA BAAs.
The clinician is always the author.
AriaMD is grounded in retrieved encounter context, generates with safety guardrails, and surfaces sources for every assessment. The clinician reviews and signs every note. The AI never owns the chart.