How PraxPilot Handles Patient Data
PraxPilot is designed for use in clinical environments where responsible handling of sensitive information is essential.
The platform focuses on working with clinical signals and practitioner insights, while minimizing the need for identifiable patient information.
What PraxPilot Stores
PraxPilot stores only the information necessary to support case analysis and protocol generation.
This may include:
Case intake data (symptoms, clinical notes, lab markers, and practitioner-provided case identifiers)
Generated and edited protocol content
Version history and activity logs related to case changes
Practitioner account information and profile settings
This information allows practitioners to manage cases, generate protocols, and maintain continuity of care within their practice.
Is PraxPilot HIPAA compliant?
PraxPilot is a UK-based platform governed by UK GDPR (enforced by the ICO). HIPAA is a US federal law that applies to covered entities — healthcare providers, health insurers, and their direct business associates — and does not apply to PraxPilot as a UK data processor.
That said, PraxPilot is designed with privacy-first principles:
We do not require practitioners to enter patient names or identifiable information — we guide users toward pseudonymous identifiers (initials, codes, or reference numbers)
Clinical notes and imported documents are processed to extract structured data only — raw files are not permanently stored- Data is encrypted in transit and at rest
Practitioners remain the data controllers; PraxPilot acts as a data processor
PraxPilot does not enter into Business Associate Agreements (BAAs) with covered entities under HIPAA. If your organization operates as a HIPAA-covered entity and requires a BAA from all software vendors, PraxPilot is not the appropriate tool — please consult a HIPAA-covered EHR solution.
What PraxPilot Does Not Store
PraxPilot does not permanently attach uploaded documents to case records.
When consultation notes or lab files are imported:
The system extracts clinically relevant signals from the document.
The extracted structured data (such as symptoms or lab values) is saved to the case.
The uploaded file itself is not retained as part of the case record.
However, depending on the underlying platform infrastructure, uploaded files may temporarily exist in storage systems outside of PraxPilot's direct control unless removed by the platform provider.
For a full explanation of how uploads are processed, see:
How Uploaded Notes & Lab Files Are Processed and Deleted
Patient Identifiable Information
PraxPilot does not require identifiable patient information in order to function.
The system is designed to operate using:
Clinical symptoms
Lab markers
Practitioner observations
Case identifiers
Practitioners are encouraged to avoid including directly identifiable patient information whenever possible, such as:
Full patient names
Addresses
Phone numbers
Email addresses
Insurance identifiers
Social security numbers
Instead, practitioners may use:
Patient initials
Case IDs
Internal reference numbers
This approach helps reduce unnecessary exposure of sensitive data while still allowing PraxPilot to generate clinically useful protocols.
Data Isolation
Your case data remains private to your workspace.
Specifically:
Case data is accessible only to users within your account or organization
Data is never shared with practitioners outside your team
Your data is not used to train personalization models for other users
Security
PraxPilot uses industry-standard security practices to protect practitioner and case data.
This includes:
Encryption for data in transit
Encryption for stored data
Access controls within organizational workspaces
Questions About Data Privacy
If you have questions about how PraxPilot handles data or privacy practices, please contact support@praxpilot.com