= Heidi Health =

Heidi
- Type: Private
- Industry: AI Healthcare Technology
- Predecessor: Oscer Heidi Health
- Founded: 2019
- Founders: Thomas Kelly, Waleed Mussa, Yu Liu
- HQ location: Melbourne, Australia
- Area Served: Worldwide

Heidi Health is an Australian health technology company that develops artificial intelligence (AI) medical scribe software for clinical documentation to reduce the workload of note-taking. The software transcribes patient consultations and converts them into clinical notes, case histories, and other documents. Founded in 2019, Heidi Health operates internationally and provides its services across multiple countries.

== History ==

Heidi Health was founded in 2019 by vascular surgical resident Dr. Thomas Kelly and co-founders Waleed Mussa and Yu Liu. The company was initially launched under the name Oscer, focusing on clinical training tools for healthcare professionals. In 2021, the company rebranded as Heidi Health, shifting to AI-powered clinical documentation.

The company reports that its software is used in more than two million patient interactions per week across over 100 countries.

== Technology ==
Heidi's AI-powered medical scribe uses large language models (LLMs) and machine learning (ML) to generate structured documentation from clinical encounters. The system can produce clinical documents such as referral letters and patient summaries.

=== Reception ===
A 2025 KLAS Research spotlight reported that U.S. healthcare organizations using the tool cited reductions in clinician documentation time and improved note accuracy, although users mentioned EHR integration as an area needing improvement.

== Integration and security ==
Heidi integrates with electronic health record (EHR) platforms including Epic Systems, Athenahealth, Gentu by Magentus, Veradigm, Best Practice Software, MediRecords, and MedicalDirector, among many others. The company states that it complies with privacy and security frameworks such as ISO 27001, SOC 2 Type II, HIPAA (U.S.), GDPR (EU), NHS regulations (UK), PIPEDA (CA), and the Australian Privacy Principles, among others.

In February 2026, a detailed client-side security audit of Heidi Health's scribe session page was published. The audit analyzed the front-end code, network traffic, and data storage of the page that displays clinical notes containing protected health information (PHI). The audit's findings and methodology were published alongside a timestamped evidence file and a network capture in HAR (HTTP Archive) format.[citation needed: the audit report needs a verifiable URL or a secondary source] The report highlighted several security and compliance concerns, including personally identifiable information (PII) being appended to the URL's hash fragment on page load, third-party tracking through Google Analytics resulting in PII being sent to Google's servers, the absence of a Content Security Policy (CSP) and of Subresource Integrity (SRI) hashes, non-compliant vendor scripts (tag managers, ads, affiliate tracking), and extensive client-side storage potentially storing PII locally in cached API response objects. The analysis argued that the findings could constitute a violation of the UK GDPR and EU GDPR. This GDPR violation can be reproduced by any user with an existing subscription.

== See also ==
- Automated medical scribe
- Artificial intelligence in healthcare
- Electronic health records
