Security and privacy that builds trust
Journalia has been built for safe use in clinical settings from day one, so you can focus on the patient.
CE Class 1
Meets EU requirements for quality, safety and regulatory compliance
GDPR
Full compliance with Norwegian and European patient privacy legislation
Data Security
Strict security requirements designed to the ISO 27001 standard
Responsible Use
Journalia encourages responsible use and open dialogue between clinician and patient
What makes Journalia safe?
Audio is never stored
Consultations are transcribed in real time. Audio recordings are never stored.
No training or storage of patient data
Patient data is never used to train AI models.
Personal encryption
All data encrypted at the user level – only the logged-in clinician can view patient data.
Secure authentication
Authentication via BankID and Buypass to ensure access control.
Automatic deletion
All transcription data is automatically deleted after 48 hours.
Data processing in EU/EEA
All data processing takes place with approved subprocessors within the EU/EEA.
What does the CE marking mean?
Journalia is CE-marked as Class 1 medical software under the EU MDR (Medical Device Regulation 2017/745). This means the product meets the EU's requirements for safety, performance and quality for medical devices.
As a CE Class 1 device, Journalia is a pure documentation tool without clinical decision support. The system automates note-writing, but the treating clinician always retains full responsibility for the professional content.
How does Journalia protect patient privacy?
Journalia is developed in Norway with a thorough focus on Norwegian and European privacy legislation. We comply with GDPR, the Health Personnel Act, the Patient Records Act and Normen for information security in health and care services.
Transcription happens in real time - no audio recordings are stored. Only the treating healthcare professional has access to the generated note, which is automatically deleted after 48 hours.
We follow health authority guidelines for the use of artificial intelligence in health and care services, and limit use to transcription and documentation without decision support.
Key security measures
- Real-time transcription without audio storage
- Access control limited to treating healthcare professionals
- Automatic deletion of all data after 48 hours
- Guidelines in line with health authority recommendations
How does Journalia approach information security?
Journalia works according to the ISO 27001 framework, the international standard for information security management systems (ISMS). This involves systematic risk assessment, clear policies and continuous improvement.
We are working towards formal certification and are in the process of audit. Our goal is to ensure that all processes and systems meet the requirements of the standard.
We are in the process of formal ISO 27001 audit.
How to ensure responsible use in practice?
In accordance with data protection authority requirements, patients must be informed when artificial intelligence is used during consultations. Journalia recommends that healthcare professionals inform patients verbally and through an information poster in the waiting room.
Suggested communication
“I will use a transcription tool that summarizes the session in writing afterwards. The result is that I update your medical record faster and more comprehensively. Everything is in accordance with GDPR laws and access is limited to me as your clinician. Audio recordings are never stored and the written summary is permanently deleted within 48 hours.”
Download information posters for waiting rooms
Contact us
Do you have questions about security or privacy? Our team is happy to answer.