Compliance-focused workflow notes
What Makro does for HIPAA-sensitive teams.
The honest version: Makro is not a HIPAA-covered entity and does not sign BAAs. What we do offer is a technical posture that makes it easy to keep PHI off our servers entirely.
The problem
What makes healthcare / HIPAA different.
Clinicians and admins need a text expander that does not become a data-exfiltration path. Cloud sync and cloud AI are features in most tools; for PHI, they are liabilities unless you can hard-disable them.
Sample library
Hotwords a healthcare / HIPAA team would keep.
A plausible shortlist - build your own from here. Every macro ships editable and deletable; nothing is forced on your library.
soap
SOAP note template - local storage only when Sensitive Mode is on.
.portal
Portal message template - pure text expansion, no cloud path invoked.
.rx
Prescription detail scaffold - stays on device.
What makes the difference
What the technical controls actually do.
Sensitive Mode blocks cloud AI at the processing layer; cloud sync is opt-in and end-to-end encrypted (we see ciphertext only, not PHI); clipboard history auto-clears; all local macros are encrypted at rest with AES-256-GCM.
Honest limits
We recommend: run Makro with Sensitive Mode on, disable cloud sync if your policy prohibits it, and pair with a local AI (Ollama) for any rewrite needs. This is technical guidance, not legal advice - your compliance officer has the final call on whether Makro's configuration fits your requirements.