Privacy and security, designed for modern clinical care

Blueprint is a modern EHR and AI Assistant for therapists, designed to securely manage their client records and practice data while meeting real-world expectations for privacy, compliance, and recordkeeping.

HIPAA Compliant

PHIPA Compliant

SOC 2 Compliant

Compliance and security at a glance

Blueprint is built on a secure, audited infrastructure that meets industry standards for protecting health information, verified through independent audits and ongoing security reviews.

Our commitment to you

Here’s what you can expect when you use Blueprint:

You own and control your data

You control how client records are created, reviewed, and finalized, and how AI-assisted content is retained or deleted.

AI in a supporting role

Your AI Assistant supports tasks across your practice, while final clinical judgment stays with you. You review and sign off on what becomes part of the client record, and AI-assisted drafts remain editable until you do.

Real world recordkeeping

Your documentation is time-stamped, versioned, and stored to support audits, reviews, and long-term recordkeeping requirements.

Your client data stays private

Your client information is never sold, shared, or used to train AI models.

How it works

Blueprint supports clear review and approval of clinical records, with safeguards applied throughout documentation and practice workflows.

Documentation, with or without recording

Documentation can be created with or without session recording

Recording is optional and fully controlled by you

When recording is used, audio supports documentation only and is deleted immediately after processing

No recordings, copies, or backups are retained

Draft before final

Notes, summaries, treatment plans, and AI-assisted suggestions begin as draft content

Drafts remain editable and can be reviewed, revised, or discarded

Nothing becomes part of the client record without your review and approval

Records built for compliance

Finalized records are time-stamped, versioned, and locked to support audits, reviews, and long-term recordkeeping requirements

Secure practice data

Scheduling, billing, client forms, and other practice data are handled securely and in line with standard privacy and compliance expectations

How your data is protected

Blueprint is built to keep client information private, secure, and compliant.

HIPAA compliant

Blueprint meets HIPAA requirements for protecting health information.

BAA included

A Business Associate Agreement is automatically included when you sign up for Blueprint. A signable copy is available if needed for your records.

SOC 2 Type II certified

Annual independent audits verify our data security and privacy practices.

Encryption at all times

All data is encrypted in transit and at rest using industry-standard encryption.

Audit-ready records

Record access and history are preserved to support audits and compliance reviews.

Clear data retention rules

AI-assisted drafts remain editable until a record is finalized. Finalized records are retained in line with professional and legal expectations.

Backups and disaster recovery

Secure backups and redundancy protect data availability and integrity.

Trusted infrastructure

Blueprint uses vetted US-based infrastructure and service providers that meet HIPAA and security compliance requirements.

Frequently Asked Questions

Is Blueprint HIPAA compliant?

Yes. Blueprint meets HIPAA requirements for protecting health information and supports applicable regional privacy standards, including PHIPA.

Do you provide a Business Associate Agreement (BAA)?

Yes. A BAA is automatically included as part of our Terms of Service when you use Blueprint. If you need a countersigned copy for your records, a signable version is available.

Is session recording required?

No. Recording is optional and fully controlled by you. Documentation can be created with or without recording.

Do you store session audio?

No. When recording is used, audio is used only to support documentation and is deleted immediately after processing. No recordings, copies, or backups are retained.

Do you train AI models on client data?

No. Client data is never used to train AI models.

Can I review or edit AI-assisted documentation before it becomes part of the client record?

Yes. AI-assisted drafts remain editable until a record is finalized. Nothing becomes part of the client record without review.

What happens to finalized client records?

Finalized records are stored securely and follow standard professional and legal retention expectations.

How is my data protected?

All data is encrypted in transit and at rest. Blueprint also undergoes annual independent audits to verify data security and privacy practices.

What happens if there’s a subpoena or legal request for client data?

Blueprint responds to valid legal requests in accordance with applicable law and notifies clinicians when permitted. You can learn more here.