
Resources & Knowledge Base

Find guides, templates, documentation, and answers to your compliance questions.

Access levels: Public (visible without logging in); Subscriber (requires an active account).

OCR Audits Begin April 2026

Time is running out to prepare your compliance documentation.

OCR issued formal guidance in January 2025 requiring documented compliance for AI scribe usage. Practices have until Q2 2026 to implement compliant processes.

Start Compliance Wizard ›

Getting Started

Getting Started Guide (Public)

New to GetCompliant? Start here with our step-by-step guide.

View Guide ›

Compliance Wizard (Subscriber)

Create all your compliance documents in 45 to 60 minutes.

Start Wizard ›

Support (Public)

Get help when you need it.

Contact Us ›

Blog & Articles (Public)

What the 2026 OCR AI Scribe Guidance Actually Says (Analysis)

An in-depth analysis of OCR's 2026 guidance on AI scribe compliance. Understand what HIPAA requirements actually mean for medical practices using AI documentation tools.

Read Article ›

5 HIPAA Gaps We Found in 90% of AI-Generated Clinical Notes

Common HIPAA compliance gaps in AI-generated clinical notes that could put your practice at risk.

Read Article ›

How to Document Your AI Scribe Compliance in Under an Hour

Step-by-step guide to creating OCR-ready HIPAA compliance documentation for AI scribe usage.

Read Article ›

Remote Patient Monitoring: New CMS Rules You Need to Know (Q2 2026)

New CMS rules for Remote Patient Monitoring (RPM) take effect in Q2 2026.

Read Article ›

Telehealth HIPAA Checklist: Post-Pandemic Enforcement is Here

Post-pandemic HIPAA enforcement for telehealth is here. Use this comprehensive checklist.

Read Article ›

Product & Company Information

Product Roadmap (Public)

View our strategic plan and upcoming features for 2026.

View Roadmap ›

Technical Information (Public)

Technical specifications, API documentation, and integration guides.

View Technical Info ›

Business Information Kit (Public)

Company overview, press kit, and business resources for partners and investors.

View Business Info ›

Frequently Asked Questions

Common questions from medical practice managers about HIPAA compliance, BAAs, and AI scribe oversight.

Do I need a Business Associate Agreement (BAA) with my AI scribe vendor?

Yes, absolutely. Under HIPAA regulations (45 CFR 164.504(e)), you cannot share Protected Health Information (PHI) with any third party without a signed BAA. Using an AI scribe tool without a BAA is an automatic HIPAA violation, regardless of whether a breach occurs.

What happens if my AI scribe vendor refuses to sign a BAA?

Do not use that vendor. If a vendor refuses to sign a BAA or claims "we're HIPAA-compliant, trust us," this is a major red flag. You cannot legally use their service for clinical documentation.

How often do I need to audit AI-generated notes?

Quarterly spot-check audits are required. OCR guidance requires practices to audit 20-50 AI-generated notes per provider per quarter.

Can physicians just sign AI-generated notes without reviewing them?

No. OCR considers unreviewed AI notes as "auto-population" violations. A licensed physician must review, edit if needed, and attest to every AI-generated note before it is finalized.

What is "PHI minimization" and why does it matter?

PHI minimization means including only the minimum necessary patient information. AI tools often over-document, including irrelevant details. You must review and remove excessive PHI before finalizing notes.

Do I need patient consent to use AI scribes?

Yes, in most cases. Patients must be informed that AI tools are being used and consent to recording. This is especially important in two-party consent states.

What should I do if there is a data breach involving my AI scribe?

Act immediately. Notify your compliance officer, preserve all evidence, document what happened and who was affected. You must notify OCR within 60 days if the breach affects 500+ patients.

Can I use consumer AI tools like ChatGPT for clinical notes?

No, never. Consumer AI tools do not sign BAAs and are not designed for PHI. Using them for clinical documentation is a HIPAA violation.

What documentation do I need for an OCR audit?

You need to demonstrate six core requirements: (1) Signed BAAs with all AI vendors, (2) Written AI usage policies, (3) Physician review and attestation, (4) Quarterly audit results, (5) Staff training records, and (6) Risk assessments.

How much will OCR fines cost if I am not compliant?

Fines start at $50,000 per violation and can reach $1.5 million per year for repeated violations. Willful neglect can result in criminal penalties.

When do OCR audits of AI scribe usage begin?

OCR audits targeting AI scribe users begin April 2026. Practices have until Q2 2026 to implement compliant processes.

Do small practices need to comply with OCR requirements?

Yes, there are no exemptions for practice size. All covered entities using AI medical scribes must comply with OCR's six core requirements.

Compliance Guides & Documentation

OCR Compliance Education Guide (Public)

Complete guide to OCR's January 2025 AI scribe regulations.

Download ›

Compliance Guides (Public)

Educational resources and documentation.

Download Guide ›

Templates & Downloads

AI Scribe Training Guide (Subscriber)

Required training materials for clinical staff using AI scribes.

Sign in to access.

AI Usage Policy Template (Subscriber)

Ready-to-customize policy template for your practice.

Sign in to access.

Quarterly Audit Checklist (Subscriber)

Form for conducting quarterly spot-check audits.

Sign in to access.

Vendor Risk Assessment (Subscriber)

Template for assessing AI scribe vendor risks.

Sign in to access.

Template Library (Subscriber)

Complete collection of customizable compliance templates.

Sign in to access.
