TranscribeMe and HIPAA Compliance
Our customers in enterprise businesses are satisfied with the security measures provided by TranscribeMe. We have passed the most rigorous security audits from Fortune 1000 companies concerned with security measures to protect their data, and we are confidently processing transcriptions for these customers today.
TranscribeMe is fully compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements for Medical Transcriptionists, with multiple safeguards designed to protect the privacy and security of personal health information. Our security measures for customer data protection are best-in-class, and cover multiple levels:
Infrastructure and Network Security
Our servers are located inside secure, dedicated Amazon Web Services (AWS) data centers, with state-of-the-art physical and online intrusion prevention measures in place. The facilities are ISO certified and are proactively monitored and kept up-to-date with the latest security patches by 24/7 Amazon staff. The AWS data centers are amongst the most advanced in the world and provides complete uptime reliability for the TranscribeMe service.
Micro-tasking Security and Confidentiality
As a major part of our transcription process, we involve real human crowd-workers in the delivery of transcription services. To ensure confidentiality, we have invented a custom micro-tasking algorithm that splits complex content into simple, bite-sized microtasks. Our proprietary platform ensures that no worker has more than a tiny portion of a single job, and jobs are randomized for the workers. In other words, our workers do not have the ability to select the work they will be processing and do not see any connection between the short task they are performing and the context of the overall work or the identity of the client.
Quality Assurance Security Measures
To ensure the quality of output, we often use multiple people to process the same content and compare their outputs to identify potential quality issues. This requires us to process parts of the content through our Quality Assurance team. The QA team members are permitted to see the complete text output and are carefully selected, screened and legally bound to provide confidential and secure service. The QA team members are selected amongst the top 10% of our crowd, and all sign comprehensive Non-Disclosure Agreements prior to processing any customer content.
All of the content is streamed to the workers via our secure, encrypted work delivery platform. In fact, all client recordings are transferred with the same algorithms used to secure financial data in online banking transactions. This prevents the workers from downloading and storing files in progress on their computer and provides them with the benefits of accessing advanced TranscribeMe transcription and translation tools. The crowd-workers engaged with processing the content must pass a range of complex exams and tests, and are validated for quality and efficiency prior to engaging on client files.
Geo-location and Geo-fencing
A number of our customers, particularly those located in the UK, Canada and Australia, have asked that their confidential information doesn't leave the geographical boundaries of their country. Our platform is capable of providing this service, and we can limit both the machine-based and the human processing of the content to users within a particular geography.
Geo-fencing not only provides a layer of security protection but also allows filtering crowd-worker segments around areas of expertise - such as technical or financial knowledge. We can tailor our crowd in multiple ways to find the perfect group of crowd-workers for secure, confidential processing of the content.
Advanced Enterprise Confidentiality
For very sensitive projects, we provide a service to background-check all the workers involved in the production workflow on our platform and make their resumes available to the customer. This requires advance planning to undertake a full background check on each individual and is included as part of our premium service offering. In addition, we have the option of requiring crowd-workers to sign additional, client-specific NDA and legal contracts.
Bringing in the Customer's Existing Resources
In addition - for the most commercially sensitive content - our customers have the ability to process the content exclusively with their in-house staff instead of crowd-workers. The inside staff will have all the benefits of the streamlined, optimized TranscribeMe crowd-work platform designed to maximize transcription efficiency and throughput and provide partial support with advanced speech recognition algorithms.
Medical transcriptionists are subject to the business associate requirement set forth under HIPAA's privacy rule. We are subject to this requirement because the transcriptionist performs a function on behalf of healthcare providers that includes the use and disclosure of Personal Health Information (PHI). Accordingly, transcriptionists are prohibited from using or disclosing PHI in any manner that would violate the privacy rule if done by the provider itself.
HIPAA's proposed Security Standards apply to PHI that is either electronically maintained or transmitted. Covered entities are required to enter into chain-of-trust agreements with medical transcriptionists when PHI is processed electronically by the transcriptionist. Pursuant to these chain-of-trust agreements, transcriptionists will be obligated to maintain the integrity and confidentiality of PHI while in receipt of such information and during transmission of the same.
With these security and confidentiality measures in place, TranscribeMe provides best-in-class confidentiality and security during transcription and processing of audio and video content.