Is Your Transcription Service Secure?

Information is the most important commodity in the Digital Age—and a lot of people want yours. Companies want your data for marketing. Social media sites need your information for targeted ads. And those are just the “legitimate” ones. So far, 953 data breaches and cyberattacks have been disclosed in 2023. Those attacks compromised 5.4 billion records, including names, addresses, genders, passport numbers, credit card details, personal health information, and even genetic information

Protecting your data should be a top priority. Similarly, a secure transcription services provider should know the value of data protection because any industry that uses their services—business, medical, legal, law enforcement, academic, or even general—has its own sensitive, confidential, or proprietary information usually included in transcripts. 

Security should be right up there with accurate transcription regarding essential considerations for choosing the best transcription service. The problem is anybody can say that they offer secure transcription services even if they don’t. 

So, how do you weed out the unreliable and find the trustworthy? Let’s talk about it. 

Understanding the Transcription Process

On the surface, the transcription process is simple. Clients record essential audio and video files and then send those recordings to their transcription services online via email or upload them to the provider’s website or platform or maybe a third-party service like Google Drive. 

A transcriptionist or several are assigned to the project (depending on scope and length), converting the recordings into digital text files. After a battery of proofreading and quality checks, digitally searchable transcripts are encrypted and sent back to the client via their preferred method within the promised turnaround time. Completed transcripts are stored in the provider’s server for easy retrieval and are subjected to backup redundancy protocols, if applicable. Four or five steps, and it’s all done. 

However, there are several vulnerable points where data breaches or leakage can happen on the transcription provider’s side. Breaches can happen during data or the recording collection or while the files are being transmitted for storage. Once there, weak security can affect the storage and transcription platform itself. 

Information breaches can also happen due to human error if transcriptionists or editors fail to implement physical data security. We also cannot discount the threat of an insider actively looking for sensitive data to use or sell. Furthermore, any third-party service involved in the process opens the data to a new set of potential vulnerabilities. And then, as if all of that isn’t enough, the data can also be vulnerable during transit back to the client. 

As you can see, transcription security is no walk in the park. So, how do you make sure your video or audio files, captions, and transcripts are safe? Well, there are a few reliable ways to do so. 

Standard Transcription Security That Every Good Transcription Company Should Have

Transcription solution providers should be able to meet these security protocols at least: 

  • Detailed Reporting and Tracking Features
  • Individually Defined User Access Levels
  • Individual User Names, Passwords, and PINs (immediate deactivation upon request)
  • Scaled Network Redundancy
  • Virtual Private Network (VPN) Integration
  • Dedicated Data Centers
  • Encrypting All Data With SSL 256-bit Encryption
  • Employee Background Checks*
  • Must Be Willing To Sign A Non-Disclosure Agreement

*Ask your transcription provider if their employees or contracted transcribers undergo criminal background checks and are U.S.-based. Sensitive audio and video files should NEVER be transcribed by transcriptionists who are not properly vetted and qualified. 

Always Require Them to Have Insurance

Asking your transcription vendor for proof of insurance and requiring them to carry cyber liability insurance is a must these days as well. This is in case something does happen to your data; your transcription provider has insurance to pay for the potential damages in the worst-case scenario of a data breach. Ask them to provide you with proof of insurance and a Certificate of Insurance with you as the Certificate Holder. Most of our clients require us to have general liability and a stand-alone cyber liability insurance policy. We have both – and are available upon request. Once you’ve chosen a vendor, ask them for these and then call the insurance provider to confirm it is a valid policy paid for by the vendor and is in good standing.

Check Dun & Bradstreet Ratings

Individuals often rely on consumer credit ratings. For businesses, having a Dun & Bradstreet D-U-N-S (Data Universal Numbering System) nine-digit number provides potential vendors, lenders, and clients a method to determine a company’s creditworthiness. Over 330 million businesses currently have one, and you can obtain a D-U-N-S number at no charge.

Any business seeking to register with Dun & Bradstreet must be an established legal entity within their respective state (i.e., LLC, C-Corp, S-Corp, etc.). This fact alone indicates that the provider is a legitimate service and is willing to take accountability for any issues. Companies can register online by providing the following information:

  1. Legal Name of the Business
  2. Headquarters Name and Address
  3. The company’s physical address and mailing address
  4. Doing Business As (DBA) name, if applicable
  5. Phone Number
  6. Name and contact info of the business owner
  7. Number of employees
  8. If the business is home-based or has company offices 

If your transcription company doesn’t have a D-U-N-S number, it should be a red flag.

Does Your Transcription Service Have An Employer Identification Number (EIN)?

Any company or organization needs an EIN from the Internal Revenue Service (IRS), especially those with employees. An EIN is also nine digits and uses a unique pattern with the first two digits separated from the remaining seven digits (xx-xxxxxxx).

Businesses within the U.S. or its territories get an EIN online through the IRS. Also, the individual applying must have a valid Taxpayer Identification Number, such as an SSI, ITIN, or EIN.

Check to see if your transcription service provider has an EIN.

Does Your Transcription Company Have a U.S. Bank Account?

If a transcription service provider conducts business in the U.S. and promotes confidential transcription services, it should have a bank account with a U.S.-based financial institution. Some transcription companies are based in foreign countries yet claim they are based in the U.S. by providing a U.S. mailing address and phone number. 

However, if a foreign transcription company doesn’t maintain accounts with a U.S.-based financial institution, you may incur additional fees to transfer payments. 

Medical and legal transcription have regulatory bodies overseeing the security and privacy of any vendor working with their respective data. 

Transcription companies working on medical files must comply with HIPAA (Health Insurance Portability and Accountability Act) to protect patient privacy. 

Companies transcribing legal or law enforcement files for criminal law enforcement agencies must be CJIS (Criminal Justice Information Services) compliant. The FBI oversees the CJIS program, and companies must adhere to strict security guidelines when accessing or being privy to criminal files. 

Both regulatory bodies require service providers like transcription companies to meet strict data protection guidelines to earn compliance. As such, transcription companies must allocate resources, polish their physical security protocols, and enhance data protection processes to achieve compliance. Seeing a company that complies with both HIPAA and CJIS compliance is an excellent indicator of good data security. 

Other International Security Measures And Regulations

Familiarizing yourself with foreign security and regulatory measures while doing business offshore is important. For example, the European Union has the General Data Protection Regulation, or GDPR, that sets out detailed requirements for companies and organizations on collecting, storing, and managing personal data. The United Kingdom has the Data Protection Act of 2018, Australia has the Privacy Act, South Korea has the General Data Protection Law, and Canada has the Personal Information Protection and Electronic Documents Act. 

Transcription Providers With CAGE Codes

Any company conducting business with the Department of Defense and other related government services must obtain a Commercial and Government Entity (CAGE) code. CAGE codes are assigned and created by the Defense Logistics Agency and managed by the DoD. CAGE codes assist in validating the legitimacy of suppliers and contractors, helping the federal government prevent fraud and ensure compliance with procurement regulations.

Do Automated Transcription Services Protect Your Data? 

Artificial Intelligence (AI) technology continues to evolve, especially in the transcription industry. While AI transcription works for some basic projects, sensitive or complex transcription projects with multiple speakers in less-than-ideal recording environments usually require human transcribers. So far, they’ve only reached 86% accuracyat best. Even setting aside the issue of accuracy with automated transcription, it’s still not the best choice when considering security. 

This primarily lies in the process of AI learning. Generative AIs, large-language models, natural language processing, and machine learning depend on training data to learn how to “think.” Training data is often scraped from the Internet and other digital sources. However, depending on the AI’s structure, it can learn from any data users provide.

Now, that might not sound like a big deal. AI uses your information just for training, anyway. No big deal, right? 

Unfortunately, it’s not as cut and dry as it seems. On March 20, 2023, ChatGPT experienced a data breach that exposed approximately 1.2% of its user base’s names, email and physical addresses, credit card details, and chat history. For 9 hours, all that data was made available to random ChatGPT users. Imagine having your transcripts exposed to potentially millions of people. 

Human-powered transcription services are usually the ideal solution for professionals who need accurate transcription. Of course, that’s not the only consideration. Aside from providing highly accurate results, fast turnaround times, affordable rates, and excellent customer service, your chosen human transcription service must also meet all the above security standards and regulatory compliance requirements. 

Choose Accurate And Secure Transcription Services For Your Transcription Solutions

Reputable transcription companies treat every file with the utmost care. A quality company also employs human transcriptionists and has a comprehensive information security program. The best way to confirm the security measures for audio transcription services and whether they are a U.S.-based company is to call and speak to a management team member. Most are happy to sign the appropriate non-disclosure agreements to alleviate security concerns. 

Ditto Transcripts is a HIPAA-compliant and CJIS-compliant Denver, Colorado-based transcription services company that provides fast, accurate, and affordable transcripts for individuals and companies of all sizes. Call (720) 287-3710 today for a free quote, and ask about our free five-day trial.

Looking For A Transcription Service?

Ditto Transcripts is a U.S.-based HIPAA and CJIS compliant company with experienced U.S. transcriptionists. Learn how we can help with your next project!