HIPAA Compliance

🏢 Enterprise Feature

This feature requires TalkWriter Enterprise.

TalkWriter Enterprise meets the requirements of the Health Insurance Portability and Accountability Act (HIPAA) for organizations that handle Protected Health Information (PHI). A signed Business Associate Agreement (BAA) is available for all Enterprise customers.

What Is HIPAA?

HIPAA is a US federal law that protects sensitive patient health information. If your organization is a healthcare provider, health plan, or business associate, you must ensure that tools handling PHI meet HIPAA standards.

HIPAA Controls Checklist

TalkWriter implements the following safeguards:

Administrative Safeguards

  • ✅ Designated security officer responsible for HIPAA compliance
  • ✅ Workforce security training completed annually
  • ✅ Risk assessments conducted at least annually
  • ✅ Incident response procedures documented and tested
  • ✅ Business Associate Agreements executed with all subprocessors

Physical Safeguards

  • ✅ Data centers with 24/7 security, biometric access, and video surveillance
  • ✅ Redundant power and cooling systems
  • ✅ Secure media disposal procedures

Technical Safeguards

  • ✅ AES-256 encryption at rest for all stored data
  • ✅ TLS 1.3 encryption for all data in transit
  • ✅ Zero audio retention — voice recordings never stored
  • ✅ Zero text retention — dictated content not persisted on servers
  • ✅ Unique user identification via SSO/SAML
  • ✅ Automatic session timeout for idle users
  • ✅ Audit logging of all access and administrative actions
  • ✅ Role-based access controls (RBAC)

Breach Notification

  • ✅ Notification within 24 hours of confirmed breach discovery
  • ✅ Full incident report provided within 72 hours
  • ✅ Cooperation with covered entity's notification obligations

Getting a BAA

  1. Contact sales@talkwriter.ai or your account manager
  2. Request the TalkWriter BAA
  3. Review and sign the agreement
  4. Your Enterprise account is marked as HIPAA-covered

The BAA must be signed before any PHI is processed through TalkWriter.

| Setting | Recommended Value |
|---|---|
| SSO | Enabled and required |
| Privacy Mode | Enabled org-wide |
| Session timeout | 15 minutes or less |
| Audit logs | Enabled (default on Enterprise) |
| SCIM provisioning | Enabled for automatic deprovisioning |

FAQ

Is a BAA available on Pro plans?
No. HIPAA compliance and BAAs require TalkWriter Enterprise.

Does TalkWriter store PHI?
No. Audio and text are processed in real time and never retained. With Privacy Mode enabled, even temporary server-side text processing is disabled.

Can I use TalkWriter for clinical dictation?
Yes. With an Enterprise plan, signed BAA, and Privacy Mode enabled, TalkWriter is suitable for clinical documentation.