ScribeCraft Help Centre

Guides, FAQs, and resources to help you get the most from ScribeCraft in your practice.

Our Approach to Safety

ScribeCraft is designed from the ground up to meet the highest standards of data protection and clinical safety required by UK healthcare.

Clinician in Control (Human-in-the-Loop)

ScribeCraft is an administrative support tool — it does not make clinical decisions. Every document generated is a draft that must be reviewed and validated by the clinician before use. The clinician retains full responsibility for the final content.

Zero-Retention Architecture

Audio data is processed in real time and immediately deleted. No recordings or patient data are retained on our servers. Zero-retention by design.

Encryption at Every Layer

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Only the authenticated user can access their generated documents — the ApolloIQ team has no access to document content.

AI Training Guarantee

Your data is never used to train, retrain, or improve any AI models. This is contractually guaranteed in our Terms of Service and DPA.

UK GDPR & Data Protection

Data Processing Framework

All data processing complies with UK GDPR and the Data Protection Act 2018. Your practice is the Data Controller; ApolloIQ is the Data Processor, formalised through a Data Processing Agreement (DPA) signed at account activation.

The legal basis for processing health data through ScribeCraft is Article 6(1)(e) UK GDPR (task carried out in the public interest — healthcare provision) and Article 9(2)(h) (processing necessary for health or social care).

Informing Patients

Under UK GDPR, no separate patient consent form is required. Practices should:

  • Update their privacy policy to include ScribeCraft as a processing activity
  • Display a notice in the waiting room (see our For Patients page for suggested wording)
  • Clinicians should briefly mention ScribeCraft at the start of consultations
  • Patients can opt out at any time — their care continues as normal

Compliance & Certifications

Class I Medical Device

Registered under UK Medical Devices Regulations 2002. Administrative documentation tool, no diagnostic/therapeutic functions.

UK GDPR Compliant

Fully compliant with UK GDPR and Data Protection Act 2018.

ISO 27001 Standards

Information security management aligned with ISO 27001.

AI Act Ready

Designed with transparency obligations per EU AI Act (Regulation 2024/1689).

Microsoft for Startups Partner

Built on Microsoft Azure infrastructure.

Clinical Risk Management

DCB 0129 COMPLIANT | ALARP VERIFIED

ScribeCraft has undergone a formal clinical risk management process in accordance with DCB 0129 (Clinical Risk Management: its Application in the Manufacture of Health IT Systems). All identified hazards have been assessed, mitigated, and reduced to As Low As Reasonably Practicable (ALARP).

The system is classified as an advisory documentation tool — it does not provide diagnostic advice or treatment recommendations. Every output is a draft requiring mandatory clinician review before use.

Hazard Log Summary

The following hazards were identified through clinical risk analysis conducted by a multi-disciplinary team, overseen by the Clinical Safety Officer. Each hazard includes its control measures and residual risk level.

H-SC-1 Residual Risk: 2
AI-Generated Inaccuracy (Hallucination)

The AI model generates inaccurate information not present in the consultation transcript, leading to incorrect treatment decisions or diagnoses if entered into the EPR unchecked.

Control Measures
  • System prompt enforces zero-hallucination rules with low temperature setting (0.2) for deterministic output
  • Instructions for Use mandate clinician verification of all content
  • Side-by-side UI displays source transcript alongside generated summary for easy comparison

H-SC-2 Residual Risk: 2
Omission of Critical Information

The AI omits critical clinical information such as allergies, medications, or key findings from the generated summary, potentially leading to missed diagnoses or adverse reactions.

Control Measures
  • System prompt instructs the model to leave fields blank rather than invent or omit data
  • Instructions for Use require clinician to verify completeness
  • Side-by-side transcript view enables the clinician to spot missing information

H-SC-3 Residual Risk: 3
Wrong Patient Record

The clinician pastes the generated note into the wrong patient's record, causing a data breach for one patient and an incomplete medical record for another.

Control Measures
  • Instructions for Use require clinician to verify patient identity before pasting
  • Manual copy/paste workflow forces a deliberate clinician action (no auto-write to EPR)
  • No direct EPR integration — an intentional design choice to prevent automated misattribution

H-SC-4 Residual Risk: 3
Automation Bias

The clinician fails to adequately review the AI-generated summary, accepting it without verification due to over-trust in the system. Incorrect or incomplete information enters the EPR.

Control Measures
  • Instructions for Use contain explicit warnings: "You MUST review and verify all content"
  • Manual copy/paste acts as a procedural "hard stop" — no auto-write function exists
  • System clearly states: "You, the clinician, are solely responsible for the final clinical note"

H-SC-5 Residual Risk: 1
Failure to Inform Patient

The clinician records a consultation without informing the patient, resulting in a breach of trust, legal non-compliance, and potential GMC implications.

Control Measures
  • Instructions for Use mandate: "You MUST inform patients before recording"
  • Welcome screen displays the requirement prominently
  • Patient-facing materials provided to all practices

H-SC-6 Residual Risk: 1
Unauthorised Data Access

Unauthorised access to stored data leads to a sensitive data breach, legal failure, and compromised patient confidentiality.

Control Measures
  • Zero-retention architecture — audio is processed in real time and immediately deleted
  • System prompt enforces privacy rules: no patient-identifiable data stored outside session
  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)

H-SC-7 Residual Risk: 2
Gross Transcription Error (Poor Audio)

Poor audio quality (background noise, low volume, multiple speakers) causes significant transcription errors, leading to an inaccurate summary and wasted clinician time.

Control Measures
  • Instructions for Use warn that accuracy depends on good audio quality
  • Guidance provided: "For complex cases, dictate a 30-second summary at the end"
  • Side-by-side transcript view allows clinician to identify transcription errors

Residual Risk Evaluation

All identified hazards have been mitigated through a combination of technical controls (system prompt engineering, low-temperature LLM configuration, zero-retention architecture), UI controls (side-by-side transcript view, manual copy/paste workflow), and procedural controls (Instructions for Use, patient information requirements, clinician training).

The highest remaining residual risks are H-SC-3 (Wrong Patient Record) and H-SC-4 (Automation Bias), both at Risk Level 3. These are inherent to any stand-alone documentation tool and are mitigated by the deliberate manual copy/paste workflow — the strongest possible control in this architecture.

The clinical benefit — significant reduction in administrative burden on clinicians, allowing for more time on direct patient care — is judged to outweigh the low, ALARP-mitigated residual risks.

Request Safety Documentation

Need the Full Safety Documentation?

Request the complete Clinical Safety Case Report, Hazard Log, and Process Definition Document for your ICB or procurement process.

Questions about clinical safety? Email our Clinical Safety Officer