Question 1

Is Heidi allowed in the National Health Service (NHS)?

Accepted Answer

Yes. Heidi is NHS approved and complies with the governance, security, and clinical safety requirements that NHS organisations use to assess digital health technologies. We also provide all the documentation needed for local review and approval. Today, Heidi is used across NHS organisations in the UK such as the Leeds and York Partnership NHS Foundation Trust, the Dudley Group NHS Foundation Trust, and more. Furthermore, Heidi has been proven to cut NHS documentation time by 86%.

Question 2

How does Heidi protect patient information in the UK?

Accepted Answer

We protect patient information with UK data hosting, encryption in transit and at rest, audit logging, continuous security monitoring, and independent security testing. Clinicians stay in control. Every note is reviewed and approved before it becomes part of the patient record. We do not write directly into the EHR. While we store transcripts and generated notes, we do not store audio recordings.

Question 3

Can Heidi provide a Hazard Log and Clinical Safety Case Report?

Accepted Answer

Yes. Heidi maintains both documents under DCB0129 and DCB0160, approved by our NHS-accredited Clinical Safety Officers: Dr. Hannah Allen, Dr. Samuel Adedero, and Dr. Kieran McLeod. The Hazard Log records identified clinical hazards, their assessment, mitigations, and residual risk, while the Clinical Safety Case Report sets out the safety argument and supporting evidence. These documents are kept current and reviewed as part of our quality process. They are available through our Trust Centre or request the latest version via compliance@heidihealth.com.

Question 4

Is UK data used to train Heidi’s AI models?

Accepted Answer

No. Heidi does not use patient or customer data to train or fine-tune its AI models. This policy applies globally: to clinicians in the UK, the US, Australia, Canada, the EU, and every other market where Heidi operates. There is no exception by region, plan tier, etc. Any clinical content processed through Heidi is used only to deliver the service, such as generating transcripts and clinical documentation. We develop and evaluate our models using publicly available datasets, synthetic medical data, and clinically validated sources. Never real patient records.

Question 5

Does Heidi hold independent security certifications in the UK?

Accepted Answer

Yes. We maintain international security certifications, including ISO/IEC 27001:2022, SOC 2 Type II, Cyber Essentials, and Cyber Essentials Plus. Heidi is also the world’s first ISO 42001-certified ambient AI, upholding the leading quality requirements for AI management systems globally. These certifications provide independent assurance that our security and data protection practices meet recognised industry standards.

UK

Ask AI about Heidi:

UK

Secure your customers' health data

Locally hosted data

DCB0129

DTAC (Digital Technology Assessment Criteria)

DSPT (Data Security and Protection Toolkit)

Cyber Essentials certified

Information Commissioner

Data Protection Act