UA-113699190-1
top of page

HIPAA Statement

Effective Date: December 12, 2025

 

Qualtranscribe is committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) to ensure the confidentiality and security of protected health information (PHI) provided during transcription services. This statement outlines our practices regarding the collection, use, and protection of PHI when you utilize our transcription services for healthcare-related content.

 

1. PHI Collection

We collect only the PHI necessary to complete the transcription process. This may include, but is not limited to:

  • Patient names and demographic details

  • Medical record numbers

  • Diagnoses, procedures, and treatment plans

  • Clinical notes and summaries

 

2. Lawful Use of PHI

All PHI is processed solely for transcription purposes and related healthcare operations as authorized by the covered entity. We do not use or disclose PHI for marketing, data mining, or any other unauthorized purpose.

 

3. PHI Security Measures

We have implemented comprehensive technical, administrative, and physical safeguards to protect PHI from unauthorized access, disclosure, alteration, or destruction. These safeguards include:

Technical & Physical Safeguards

  • 256-bit AES encryption for data at rest and TLS 1.2 or higher for data in transit

  • Multi-factor authentication and role-based access controls

  • Mandatory use of encrypted, password-protected workstations

  • Secure remote work environment requirements

  • Prohibition on accessing PHI in public locations or on shared devices

  • Device security protocols including automatic screen locks and full-disk encryption

  • Automated session timeouts and secure login protocols

  • Comprehensive audit logs tracking all PHI access and modifications

Administrative Safeguards:

  • Mandatory HIPAA training for all personnel with PHI access

  • Signed Business Associate Agreements with all subcontractors handling PHI

  • Confidentiality agreements and Non-Disclosure Agreements (NDAs) with all team members and subcontractors

  • Verification that all subcontractors maintain HIPAA-compliant practices and security measures

  • Incident response and risk management protocols

  • Clear policies and procedures for PHI handling across all service providers​

3a. File Transfer and Data Storage

Secure File Transfer: Clients securely upload audio and video files containing PHI through a secure, encrypted web portal using TLS 1.2 or higher. All file transfers are encrypted end-to-end during transmission. We do not accept PHI via standard email, text message, or unsecured file-sharing services. Clients requiring alternative secure transfer methods should contact us to arrange SFTP, your institution's secure file-sharing platform (e.g., Box Enterprise or SharePoint), or other approved secure protocols

Data Storage: All PHI is stored on HIPAA-compliant servers with 256-bit AES encryption at rest. Our cloud infrastructure provider maintains SOC 2 Type II certification. PHI is stored in secure data centers located in the US East region (Virginia) with geographically redundant backups, ensuring data remains exclusively within the United States for data sovereignty and regulatory compliance.

Access Controls: Transcriptionists are granted time-limited access to specific files only for the duration necessary to complete transcription. Access is automatically revoked upon project completion, and all access attempts are logged for audit purposes.

4. Business Associate Agreements (BAAs)

Qualtranscribe enters into Business Associate Agreements with all covered entities prior to service initiation. These agreements confirm our commitment to HIPAA compliance and outline our responsibilities in handling PHI in accordance with applicable laws and regulations. BAAs must be executed before any PHI is shared.

5. PHI Retention and Disposal

PHI is retained only for the time necessary to fulfill the transcription request and provide quality assurance, typically not exceeding 30 days after project delivery. Once this period concludes, or upon earlier request from the covered entity, all PHI is securely deleted. We will retain PHI beyond this timeframe only when specifically instructed in writing by the covered entity or as required by law.

 

6. HIPAA Training and Compliance

All team members and subcontractors involved in healthcare-related transcription receive comprehensive HIPAA training upon engagement and regularly thereafter. Training covers:

  • Proper handling, storage, and disposal of PHI

  • Recognition and prevention of security incidents

  • Understanding of patient privacy rights

  • HIPAA Privacy and Security Rule obligation

6a. Geographic Operations and International Data Transfers

Qualtranscribe works with a global network of professionally trained transcriptionists to deliver high-quality, accurate transcripts with flexible turnaround times. Our subcontractors include professionals based in the United States, Canada, the United Kingdom and EMEA (Europe, Middle East, and Africa), all operating under signed Business Associate Agreements with HIPAA-compliant security protocols.

Service Options:

  • Standard Service: Transcription may be performed by qualified subcontractors in any of our approved locations, ensuring optimal matching of expertise, language capabilities, and turnaround requirements.

  • US-Only Service: For clients with institutional requirements, IRB restrictions, or federal funding mandates requiring domestic processing, all transcription is performed exclusively by US-based subcontractors with no international data transfers.

 

All international subcontractors:

  • Sign Business Associate Agreements committing to HIPAA-equivalent standards

  • Complete the same HIPAA compliance training as US-based staff

  • Follow identical security protocols for encryption, access controls, and data handling

  • Undergo the same vetting and quality assurance processes

7. PHI Disclosure

We do not disclose PHI to any third parties unless:

  • Required by law, or

  • With written authorization from the covered entity, or

  • To our subcontractors who have also signed Business Associate Agreements

 

8. Cooperation with Individual Rights
As a Business Associate, Qualtranscribe does not manage patient requests directly. We cooperate fully with our Covered Entity clients to facilitate patients' rights as outlined by HIPAA, including the right to access PHI, request amendments, receive an accounting of disclosures, and request restrictions on certain uses.

 

9. Breach Notification

In the event of a breach of unsecured PHI, Qualtranscribe will:

  • Conduct an immediate investigation

  • Notify the affected covered entity without unreasonable delay, and no later than 48-72 hours of discovery

  • Provide detailed documentation of the breach, affected individuals, and remediation steps

10. Audit and Monitoring

We maintain detailed audit logs of all PHI access and system activities. These logs include:

  • User identification and authentication records

  • Date and time stamps of all PHI access

  • Types of activities performed

  • System and application logs

11. Continuous Improvement

Qualtranscribe is committed to continuously improving our security posture through:​

  • Staying current with HIPAA regulatory updates

  • Implementing industry best practices and standards

  • Ongoing staff education and training

12. Client Responsibilities and Best Practices

To maintain HIPAA compliance throughout our partnership, clients are responsible for:

Account Security:

  • Using strong, unique passwords for portal access

  • Not sharing login credentials with unauthorized individuals

  • Enabling multi-factor authentication when available

  • Logging out of the portal when not in active use

Data Minimization:

  • Providing only the minimum necessary PHI required for transcription

  • Removing unnecessary identifiers when possible before file upload

  • Clearly communicating any special handling requirements or restrictions

Timely Review:

  • Reviewing completed transcripts promptly upon delivery

  • Downloading and securely storing transcripts within the designated access period

  • Requesting any necessary revisions within the specified timeframe

Contact Information 

By using our transcription services for healthcare-related content, you acknowledge and agree to the terms of this HIPAA statement. We are committed to maintaining the highest standards of PHI protection and privacy. For any inquiries or concerns related to PHI, please contact us at:

 

Email: support@qualtranscribe.com
Phone: 617-351-8271

bottom of page