by Sara Nguyen

Is AWS Transcribe HIPAA compliant?


The Amazon Web Services (AWS) Transcribe feature automatically converts speech to text in real time. Healthcare organizations can use this service to add subtitles to telehealth consultations or transcribe doctor-patient conversations. While this could aid medical transcription, is it HIPAA compliant software?

AWS Transcribe and the business associate agreement

You may already know that covered entities are bound by HIPAA laws to implement safeguards to keep protected health information (PHI) secure and protected from unauthorized disclosure. But HIPAA laws also apply to business associates, or third-party vendors, that access, store, or transmit PHI.

Covered entities must ensure business associates are protecting PHI as required by HIPAA laws. This is why a business associate agreement (BAA) is crucial to staying in compliance with HIPAA. A BAA details the responsibilities and duties of the business associate with regard to how it protects PHI.

If there is no BAA signed, then the business associate is not HIPAA compliant. 

Not all AWS services are HIPAA-eligible, but Amazon is willing to sign a BAA for healthcare organizations using AWS Transcribe. The BAA is self-service: an organization will have to set it up through its account settings.

AWS Transcribe and data security

Besides a BAA, covered entities also need to investigate a business associate’s security safeguards. Some companies have more robust security protocols than others. With AWS Transcribe, these are some of the data security safeguards available:

  • Two-factor authentication
  • API and user activity logging with AWS CloudTrail
  • AWS encryption solutions
  • Amazon Macie for advanced managed security

Is AWS Transcribe HIPAA compliant?

Yes, AWS Transcribe can be HIPAA compliant. Amazon is willing to sign a BAA covering the AWS Transcribe solution. Data security can also be customized to meet a healthcare organization’s security requirements.

Get robust email security with Paubox

HIPAA compliant email has never been easier than with Paubox Email Suite. We have achieved HITRUST CSF certification and meet key regulatory requirements to manage risk. 

Paubox uses security features like blanket TLS encryption and two-factor authentication for ultimate protection. Our Plus and Premium plan levels also include our newest feature, Zero Trust Email, which ensures all delivered emails are genuine.

A BAA is included in all plans at no additional cost, so you can rest assured that Paubox is continuously working to provide the highest level of security for your emails.
