TranscribeMe, upon request, is able to provide language services fully compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This includes multiple safeguards designed to protect the privacy and security of personal health information, along with utilizing workers specifically cleared to work with this type of sensitive information. Our security measures for customer data protection are best-in-class, and we have passed numerous security audits from various Fortune500, healthcare, education, and government organizations. The security measures provided with the HIPAA compliant workflows are as such:
INFRASTRUCTURE AND NETWORK SECURITY
Data submitted to TranscribeMe is stored on servers located inside secure, dedicated Microsoft Azure data centers, with state-of-the-art physical and online intrusion prevention measures in place. The facilities are ISO certified and are proactively monitored and kept up-to-date with the latest security patches by 24/7 Microsoft staff. The Azure data centers are amongst the most advanced in the world and provide complete uptime reliability for the TranscribeMe service.
WORKER SECURITY AND CONFIDENTIALITY
TranscribeMe maintains crowd worker teams that are vetted, trained, and authorized to work on content containing PHI/PII. Workflows for data requiring a HIPAA compliant process are segregated from workflows for all other data, so our teams are aware of what type of data they are working with at all times. In order to be authorized to join our HIPAA work team, we require all team members to sign a Business Associate Agreement (BAA) and pass an entrance exam that demonstrates competence with handling medical data. Additionally, upon request, we can ensure that workers attached to a specific project also provide attestations declaring they maintained data confidentiality upon completion of a project.
QUALITY ASSURANCE SECURITY MEASURES
All of the content is streamed to the workers via our secure, encrypted work delivery platform. In fact, all client recordings are transferred with the same algorithms used to secure financial data in online banking transactions. This prevents the workers from downloading and storing files in progress on their computer and provides them the benefits of accessing advanced TranscribeMe transcription and translation tools. The crowd-workers engaged with processing the content must pass a range of complex exams and tests, and are validated for quality and efficiency prior to engaging on client files.
GEO-LOCATION AND GEO-FENCING
Upon request, data can be geo-fenced to specific geographic regions. We can ensure that your data does not physically leave a specific location, and we can set up dedicated servers within any geographic location. Additionally, worker teams can also be geo-fenced to specific locations as well, upon request. We are able to customize the workflow to meet any needs on the maintenance of data to a location.
DATA MAINTENANCE AND SUBMISSION PROCESS
In order to ensure data meets the necessary requirements for HIPAA compliance, we have set up a series of workflows outside of our normal processes. Data is submitted and maintained through a secure file transfer protocol (SFTP) platform that has been set up specifically for HIPAA compliance. We limit the amount of internal staff that has access to customer data within this SFTP only to essential personnel and have a policy of deleting all data pertaining to a specific project within 30 calendar days upon project completion unless otherwise requested. The SFTP platform can be customized to meet various requirements, including enabling multiple users access within a single organization, administrator functionality, and automated notifications of data submission/completion.
To learn more about TranscribeMe’s HIPAA compliant workflows and processes, we are happy to provide additional information, answer any questions, or undergo a security audit. Please send us a message at
firstname.lastname@example.org for any questions.
If you have a project, use case, or would like a quote on any language services requiring a HIPAA compliant process, please contact us at email@example.com with details on your project and we will be in touch shortly.