Confidentiality and Compliance
✓ 100% US-based English
✓ HIPAA-compliant
✓ SOC-2-certified
✓ CJIS-compliant
✓ CITI-certified
SAM Registration Unique Entity ID: Q7MLSY1BRYW6
Same Day Transcriptions, Inc. (parent company)
A Service Disabled Veteran Owned Small Business
Documented Security and Confidentiality
Real Assurances for Real Protection
Not all transcription services offer the same level of confidentiality and compliance. Many claim to be secure and confidential but lack the evidence to prove it.
Before choosing a transcription provider, it’s essential to understand the hidden dangers of unverified transcription services—including overseas outsourcing to unvetted global freelance “gig” workers, weak security policies, the use of AI that reserves the right to use client data, among other concerns.
The scary part of it all is that many of the companies promising to “take confidentiality seriously” are the ones posing these dangers.
At Research Transcriptions, we go beyond promises with verifiable documentation:
✔ 100% U.S.-Based Transcriptionists – No global freelance-worker networks; extensive identity verification and background checks.
✔ Independently Audited & Certified – SOC-2, HIPAA, GDPR, CITI, HECVAT.
✔ End-to-End Encryption – Protecting your data in transit and at rest.
✔ Legally Binding NDAs and HIPAA BAAs – Every transcriptionist is vetted and contractually bound to confidentiality.
✔ No AI Processing – Your files never touch artificial intelligence.
Learn why confidentiality claims mean nothing without proof and how to identify real security standards.
Independently Audited, Verified, and Certified.
SOC-2-certified
Research Transcriptions maintains SOC-1 and SOC-2 reports for the Security, Availability, and Confidentiality Trust Services Principles, as established under the American Institute of CPAs (AICPA) TSP Section 100 – 2017 Trust Services Criteria. These reports were issued by an independent third-party assessor who evaluated the company’s internal controls for security and confidentiality. The assessment verifies that Research Transcriptions has implemented and maintains practices that ensure secure operations, consistent system availability, and the highest levels of privacy for customer data.
In addition, Research Transcriptions partners exclusively with vendors who maintain SOC-2 Type II certification, ensuring that compliance extends throughout its supply chain. This layered approach demonstrates a company-wide commitment to security, availability, and confidentiality that is unmatched in the industry.
The company's SOC-2 report is available under a Nondisclosure Agreement (NDA). Contact us for details.
CJIS-compliant
Research Transcriptions aligns its security program with the FBI Criminal Justice Information Services (CJIS) Security Policy, which establishes strict standards for protecting Criminal Justice Information (CJI). These safeguards are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Security controls include access management, encryption, logging, and incident response, all structured to meet law enforcement agency requirements. Because CJIS does not provide a formal certification, compliance is demonstrated through adherence to agency mandates and supported by the company’s SOC-2 report. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to CJI.
All Research Transcriptions transcribers and personnel with access to CJI complete CJIS Security Awareness Training, undergo background screening where required by contracting agencies, and follow strict confidentiality protocols to safeguard sensitive law enforcement data.
HIPAA-compliant
Research Transcriptions complies with the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification requirements, which establish strict standards for the privacy, security, and breach notification of protected health information (PHI). The company’s data protection practices are reinforced through its SOC 2 certification, where confidentiality and security controls have been independently audited and verified. This framework governs the handling of PHI by Research Transcriptions and its affiliated vendors and contractors, ensuring that all transcription processes align with the safeguards required under HIPAA. The responsibility of Research Transcriptions is limited to the extent that it acts as a Business Associate entrusted with access to PHI.
All Research Transcriptions transcribers and personnel with access to PHI receive HIPAA compliance training, maintain current certification, and follow strict confidentiality protocols designed to protect patient information and support the compliance needs of healthcare providers and their partners.
NIH-trained
Research Transcriptions adheres to the standards established by the U.S. Department of Health and Human Services (HHS) Office for Human Research Protections (OHRP) for NIH-funded projects involving human subjects. These requirements are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Training covers research ethics, participant protections, informed consent, and compliance with NIH Data Management and Sharing policies. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to federally funded research data.
All Research Transcriptions transcribers and personnel assigned to NIH-funded projects complete OHRP Human Research Protection Training, maintain current certification, and follow strict confidentiality procedures to safeguard participants and sensitive study data.
CITI-trained in Protecting Human Subject Research
Research Transcriptions complies with the standards of the Collaborative Institutional Training Initiative (CITI), which provides the framework for protecting human subjects in academic and research settings. This training governs the secure handling of sensitive research data and is reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Core areas of instruction include data management and security, ethical conduct in social and behavioral research, and compliance with Institutional Review Board (IRB) requirements. The responsibility of Research Transcriptions is limited to the extent that it acts as a contractor entrusted with access to human subjects research data.
All Research Transcriptions transcribers and personnel engaged in research projects maintain current CITI certification and follow strict confidentiality standards designed to safeguard participant rights and research integrity.
EDUCAUSE,
HECVAT-registered (FULL)
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire designed to evaluate vendors' security and data protection practices for higher education institutions, especially for cloud services. Developed by the Higher Education Information Security Council (HEISC) and EDUCAUSE, it ensures compliance with stringent privacy standards.
Research Transcriptions has completed the Full HECVAT, demonstrating our commitment to robust data protection and alignment with higher education security requirements.
GDPR-compliant
Research Transcriptions follows the European Union’s General Data Protection Regulation (GDPR), which sets the standard for protecting personal data and individual privacy. These requirements are reinforced through the company’s SOC-2 certification, where data confidentiality practices have been independently audited and verified. Security and privacy controls include lawful basis for processing, access restrictions, encryption, data minimization, and breach notification procedures. Because GDPR does not grant formal certification, compliance is demonstrated through documented internal policies, client-directed data processing agreements, and validation supported by the company’s SOC-2 report. The responsibility of Research Transcriptions is limited to the extent that it acts as a data processor on behalf of its clients.
All Research Transcriptions transcribers and personnel who handle personal data complete GDPR awareness training, operate under strict confidentiality agreements, and follow client instructions to ensure full compliance with regulatory requirements.
FERPA-compliant
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records, ensuring that access to and sharing of these records comply with strict confidentiality standards.
Research Transcriptions is fully FERPA-compliant, with rigorous data security protocols and trained personnel to safeguard sensitive educational information. Our
PCI-compliant
The Payment Card Industry Data Security Standard (PCI DSS) sets strict guidelines for securing payment card data.
Research Transcriptions ensures PCI compliance by partnering exclusively with PCI-compliant credit card processors. We never store or take possession of credit card information. Our secure systems, encryption protocols, and ongoing staff training uphold the highest standards for safeguarding client financial transactions and data.
SOC-2 Certification Explained
Let's discuss your work!
Get it done right the first time with expert advice from over 20 years of experience. Avoid the disappointments and risks of AI and global workpools.