HIPAA Compliance – Security & Privacy

Scribe is deemed fully compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements for medical transcriptionists, with multiple safeguards designed to protect the privacy and security of personal health information. Our online platform offers protections that make it the most secure and private medical transcription services platform for the healthcare industry today. It's eminently scalable, highly reliable and, most importantly, secure. Scribe's global infrastructure is designed and managed using best practices for digital security as well as a wide range of IT security compliance standards. Our security measures for customer data protection are best-in-class, and cover multiple levels:


Medical transcriptionists are subject to the business associate requirement set forth under HIPAA’s privacy rule. We are subject to this requirement because the transcriptionist performs a function on behalf of healthcare providers that includes the use and disclosure of Personal Health Information (PHI).

Accordingly, transcriptionists are prohibited from using or disclosing PHI in any manner that would violate the privacy rule if done by the provider itself.

HIPAA’s proposed Security Standards apply to PHI that is either electronically maintained or transmitted. Covered entities are required to enter into chain-of-trust agreements with medical transcriptionists when PHI is processed electronically by the transcriptionist. Pursuant to these chain-of-trust agreements, transcriptionists will be obligated to maintain the integrity and confidentiality of PHI while in receipt of such information and during transmission of the same.

With these security and confidentiality measures in place, Scribe provides best-in-class confidentiality and security during transcription.

Our HIPAA-compliant server has security features including:

  • Detailed Reporting and Tracking Features
  • Individually Defined User Access Levels
  • Individual User Names, Passwords and PINs (that can be deactivated immediately upon request)
  • Scaled Network Redundancy
  • Virtual Private Network (VPN) Integration
  • Dedicated Data centers
  • SSL 128 bit Secure Encryption
  • Secure FTP (SFTP) Servers

Our Foolproof Protocols

  • We have created an internal task force of Compliance Auditors who perform regular health checks and whose insights help management make effective decisions on enforcing security measures that are strictly aligned with the latest HIPAA guidelines.
  • We ensure that all our associates are well-educated and up-to-date on HIPAA regulations by conducting quarterly Compliance Workshops imparting comprehensive training on security and privacy.
  • After successful Compliance training, Scribe provides yearly “HIPAA Compliant” certifications to all its associates, who are the eventual stakeholders of confidential data.
  • Our development team ensures compliance with HIPAA by administering appropriate maintenance and implementing both physical and technical safeguards to protect the confidentiality and integrity of crucial healthcare data.
  • Our Managers and Team Leads are instructed to keep a check on the use of paper, to ensure a paper-free work environment and to use paper only judiciously.
  • Our network engineers have disabled any additional drives or physical-dump locations on the network to ensure that no unnecessary copies are being created during the transcription process and nothing goes out from our office premises.

Data Encryption, Website Security, & Confidentiality Agreements

We are constantly striving hard to utilize best practices to ensure compliance, and currently, we are happy to acknowledge that we are thus far successful in meeting and even exceeding the HIPAA compliance standards.

  • Data Encryption: We don’t send any reports by email, as it is strictly against HIPAA; in the rare scenarios where such a transfer of confidential information takes place, it is strictly encrypted with a “fill-to-open password” that is sent separately.
  • Website Security: Our website archives online patient records on a secure server which is encrypted with 256-bit secure socket layer (SSL) encryption to prevent any unauthorized access to our system. We have provided all facilities, physicians, and staff with a unique combination of user name and password to authenticate access to the website.
  • Confidentiality Agreements: All our transcriptionists and staff members are made to sign confidentiality agreements and have undergone extensive 15-day training on keeping up with HIPAA compliance procedures and methodologies, only after which they are allowed to enter and work inside the office premises.

If you have any further questions about our security measures, or need assistance with anything else, please write to us at support@scribebpo.com.


Data Security & Technology

Sensitive healthcare data must be secured. You can count on Scribe to ensure it's always protected. No floppy, disc or flash drives are allowed inside our facilities, not even for members of our staff. No video or voice recorders are allowed inside the building. Furthermore, we have installed high-resolution CCTV cameras to add to the surveillance system around the property.

Infrastructure And Network Security

Our servers are located inside secure, dedicated Microsoft Azure data centers, with state-of-the-art physical and online intrusion prevention measures in place. The facilities are ISO certified, and are proactively monitored and kept up-to-date with the latest security patches by 24/7 Microsoft staff. We have stringent protocols to audit, troubleshoot, upgrade, and verify security measures at all levels.

Our IT support team makes certain that every incoming port on our office computer and communication network is protected from threats. We deploy several network filters and firewalls to protect our system from possible menaces. For system access, we only allow management and FTP ports inside the premises, and to permit client access, we use SSL. Moreover, access is provided to clients and staff via password-protected login IDs. In addition, when sending files as an email attachment, we cross-check whether they have been encrypted.

Micro-tasking Security And Confidentiality

As a major part of our transcription process, we involve real human crowd-workers in the delivery of transcription services. To ensure confidentiality, we have invented a custom micro-tasking algorithm that splits complex content into simple, bite-sized micro tasks. Our proprietary platform ensures that no worker has more than a tiny portion of a single job, and jobs are randomized for the workers. In other words, our workers do not have the ability to select the work they will be processing, and do not see any connection between the short task they are performing and the context of the overall work or the identity of the client.

Platform Security

All of the content is streamed to the workers via our secure, encrypted work delivery platform. In fact, all client recordings are transferred with the same algorithms used to secure financial data in online banking transactions. This prevents the workers from downloading and storing files in progress on their computer, and provides them the benefits of accessing advanced Scribe transcription and translation tools. The crowd-workers engaged with processing the content must pass a range of complex exams and tests, and are validated for quality and efficiency prior to engaging on client files.

Geo-location And Geo-fencing

A number of our customers, particularly those located in the UK, Canada and Australia, have asked that their confidential information not leave the geographical boundaries of their country. Our platform is capable of providing this service, and we can limit both the machine-based and the human processing of the content to users within a particular geography. Geo-fencing not only provides a layer of security protection, but also allows filtering crowd-worker segments around areas of expertise – such as technical or financial knowledge. We can tailor our crowd in multiple ways to find the perfect group of crowd-workers for secure, confidential processing of the content.

Advanced Enterprise Confidentiality

For very sensitive projects, we provide a service to background-check all the workers involved in the production workflow on our platform, and make their resumes available to the customer. This requires advance planning to undertake a full background check on each individual and is included as part of our premium service offering. In addition, we have the option of requiring crowd-workers to sign additional, client-specific NDAs and legal contracts.

Bringing In The Customer’s Existing Resources

In addition – for the most commercially sensitive content – our customers have the ability to process the content exclusively with their in-house staff instead of crowd-workers. The inside staff will have all the benefits of the streamlined, optimized Scribe crowd-work platform designed to maximize transcription efficiency and throughput, and provide partial support with advanced speech recognition algorithms.

Scribe BPO values the privacy and confidentiality of clients' data and therefore assures complete security of the same. Every piece of information provided by the client will be kept top secret by our company, and we consider this our top-priority duty.

We use an Information Security Management System (ISMS) to develop our in-house security process and to encourage customer confidence in the organization. Scribe BPO therefore takes sensible precautions to secure your personal information and data from any kind of damage, loss or misuse.

At our company, we follow a very strict security policy to examine, manage, maintain and control the security level and to reduce risk to a satisfactory level.

  • We will protect and secure all confidential data provided by our valuable clients.
  • Assure strict safety of data storage.
  • Implement Firewalls and intrusion detection technology.
  • Assured online backup servers.
  • Ensure daily backup of data saved in the system.
  • Multiple password protection.
  • High level of security: Non-disclosure and Non-compete Agreements bind all personnel.
  • A unique password is assigned to each member of personnel, and access to a given computer/workstation is also restricted.
  • Strict assignment of responsibilities so there are no overlapping areas for work.
  • A unique password is given to every employee, along with access to a given computer.