844-897-3935TypeWell's Web Linking platform uses HTTPS/SSL encryption, along with additional custom encryption between the desktop application and the Web Linking servers.
Encrypted data logs are retained temporarily (to assist customers with recovering a lost transcript if they forget to save a transcript file). These data logs are automatically deleted from the servers on a regular schedule.
If you require a dedicated server that deletes data immediately upon transmission to a Web Linking page, please contact us for pricing and more information.
All TypeWell employees and contractors are bound by strict confidentiality requirements outlined in our employee and contractor guidelines, which are reviewed annually. However, please note that TypeWell employees do not routinely view or process transcript content. The only exception is when a client or transcriber requests assistance with recovering a lost transcript, which necessarily involves access to that content. If your transcript contains data subject to HIPAA protections, please ensure that your policies and instructions reflect whether such a recovery request would be permissible.
HIPAA Certification and Business Associate Agreements
TypeWell takes data security seriously and employs industry-standard practices to protect the security of data transmitted through its software and servers. However, TypeWell does not act as a Business Associate under HIPAA and therefore does not enter into Business Associate Agreements (BAAs). This is because TypeWell does not provide services directly to Covered Entities involving the transmission, storage, or processing of Protected Health Information (PHI) on their behalf. Rather, our software is licensed to transcription service providers who independently deliver services to clients.
Clients who require HIPAA compliance should discuss this with their chosen service provider. It is entirely appropriate—and recommended—for clients to require a signed BAA with their transcription service provider (agency or freelancer) if transcripts or live text streams may contain PHI.
Please be aware that some services may market themselves as "HIPAA certified." In reality, there is no official HIPAA certification for software platforms. HIPAA compliance is determined by whether proper administrative, physical, and technical safeguards are in place, supported by a BAA between the Covered Entity and any relevant service providers.
For an official overview of HIPAA requirements, see this HIPAA summary from the U.S. Department of Health and Human Services (HHS).
For more technical guidance on implementing security safeguards under the HIPAA Security Rule, see NIST’s HIPAA Security Rule Guidance.
The client should guide transcript retention and handling
Questions sometimes arise about "who owns the transcript." In general, the client (who pays for the service) is the rightful owner of the transcript. Transcribers have a professional and ethical duty to follow their client's policies and instructions regarding data handling.
If you have specific requirements regarding document retention and deletion—for example, if transcripts may include PHI—you should clearly communicate these requirements to your transcription service provider.
In educational settings, standard practice is as follows:
- The transcriber saves each class transcript to their local hard drive.
- The transcriber edits the transcript (typically removing all identifying information, such as student names).
- The transcript is provided to the authorized recipient (e.g., student) via email or upload, per client instructions.
Transcribers typically delete transcripts from their local hard drives at the end of each quarter or semester unless instructed otherwise.
Important considerations for clients and end-users concerned with HIPAA compliance
If you are contracting with a third-party service provider—such as an agency or a freelance transcriber—and you have concerns about privacy or the handling of electronic Protected Health Information (ePHI), please keep the following in mind:
- TypeWell does not transmit or handle audio or video content. If a transcriber is listening remotely to your sessions, it is your responsibility to ensure that your chosen audio/video platform meets your security requirements.
- TypeWell's role is limited to providing software that delivers live text streams and supports transcript creation. The transcriber is responsible for ensuring that transcript handling complies with your privacy and security requirements.
- TypeWell has no control over the security of clients' or end-users' internet connections or access points.
- When a live transcript is viewed through a secure Web Reader page, that text passes through TypeWell’s encrypted Web Linking servers. Temporary data logs are retained and then deleted as described above.
- Other than the software security measures outlined here, all other aspects of HIPAA compliance are the responsibility of your transcription service provider.
⚠️ Recommendation: If your use case may involve PHI, we strongly recommend that you enter into a Business Associate Agreement with your service provider and verify that they have adequate HIPAA training, processes, and safeguards in place—including policies for electronic document retention and deletion.
Other privacy considerations (Canada and education)
Canadian privacy laws:
Clients in Canada should be aware that TypeWell is not classified as a health information custodian or health information network provider under Canadian privacy laws such as PIPEDA (Personal Information Protection and Electronic Documents Act) or provincial health information acts (PHIPA, HIA, FIPPA, and others). We do not enter into equivalent agreements (such as Information Manager Agreements or service provider contracts) with healthcare entities. As with HIPAA, the primary responsibility for privacy compliance rests with the transcription service provider and their client.
Educational settings and FERPA:
In educational settings governed by FERPA (Family Educational Rights and Privacy Act), it is the responsibility of the educational institution to ensure that transcription services are delivered in a manner that complies with FERPA requirements. TypeWell provides software used to generate and deliver live text streams and transcripts, but does not manage educational records or act as a data controller under FERPA.