%20copy.png?width=209&height=70&name=WHITE%20RTC%20logo%20high-res-color%20transparent%20(1)%20copy.png)
Confidentiality and Compliance
✓ 100% US-based English transcription
✓ HIPAA-compliant
✓ SOC-2-Certified
✓ GDPR-Compliant
✓ HECVAT-registered
SAM Registration Unique Entity ID: Q7MLSY1BRYW6
Same Day Transcriptions, Inc. (parent company)
A Service Disabled Veteran Owned Small Business
Documented Security and Confidentiality
Real Assurances for Real Protection
Not all transcription services offer the same level of confidentiality and compliance. Many claim to be secure and confidential but lack the evidence to prove it.
Before choosing a transcription provider, it’s essential to understand the hidden dangers of unverified transcription services—including overseas outsourcing to unvetted global freelance “gig” workers, weak security policies, the use of AI that reserves the right to use client data, among other concerns.
The scary part of it all is that many of the companies promising to “take confidentiality seriously” are the ones posing these dangers.
At Research Transcriptions, we go beyond promises with verifiable documentation:
✔ 100% U.S.-Based Transcriptionists – No global freelance-worker networks; extensive identity verification and background checks.
✔ Independently Audited & Certified – SOC-2, HIPAA, GDPR, CITI, HECVAT.
✔ End-to-End Encryption – Protecting your data in transit and at rest.
✔ Legally Binding NDAs and HIPAA BAAs – Every transcriptionist is vetted and contractually bound to confidentiality.
✔ No AI Processing – Your files never touch artificial intelligence.
Learn why confidentiality claims mean nothing without proof and how to identify real security standards.
Research Transcriptions Certifications and
Third-Party Reports
HIPAA + SOC 2 Type 1
HIPAA + SOC 2 - An independent third-party audit firm has examined the description of the Systems and Production Support and the related General Information Technology Controls for the services provided to customers by Research Transcriptions and its vendors and contractors. This audit was based on the Security, Privacy, and breach requirements outlined in the Health Insurance Portability and Accountability Act (“HIPAA”) Administrative Simplification. The responsibility of Research Transcriptions is limited to the extent it acts as a Business Associate.
All Research Transcriptions transcribers and other personnel who have access to protected health information (PHI) are trained and certified in HIPAA compliance.
SOC 2 (Service Organization Controls) / AT-C 205 Type II
Research Transcriptions maintains SOC 2 reports for the Security, Availability, and Confidentiality Trust Service Principles, which are based on the American Institute of CPAs TSP Section 100 2017 Trust Services Criteria. The SOC 2 and SOC 3 reports are issued by an independent third-party assessor who validates the controls and processes Research Transcriptions has implemented to make Research Transcriptions secure and highly available while protecting the confidentiality of customer data.
Furthermore, Research Transcriptions partners with vendors who are also SOC 2 Type II certified. SOC 2 evaluates the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria.
NIH & IRB
All Research Transcriptions transcribers and other personnel who work on NIH-funded human subjects research complete the Human Research Protection Training offered by the HHS Office for Human Research Protections (OHRP).
CITI - Protecting Human Subject Research (HSR)
Research Transcriptions’ transcribers receive continuous training on Protecting Human Subject Research (HSR) participants. This material is based on material from CITI and the National Institutes of Health. Training areas include:
- Data Management and Security for Student Researchers
- NIH Data Management and Sharing Policy for SBER: Implications for Researchers and IRBs
GDPR
Research Transcriptions’ transcribers receive continuous training on GDPR. Training areas include:
- GDPR and Human Subject Research in the US
- GDPR: Top Noncompliance Risks and Mitigation Strategies
.png)
%20(1).png)
Independently Audited And Certified...
SOC-2
Type II and Type II
Following SOC-2 Type I certification, Research Transcriptions was again audited by an independent third party to assess the operating effectiveness of our internal controls.
Beyond our SOC-2 Type II certification, Research Transcriptions only partners with other vendors who are also SOC-2 Type II certified.
Scroll to the next section for a visual diagram that explains SOC-2 certification in greater detail - and how it helps protect your data better.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) establishes strict standards for safeguarding protected health information (PHI).
Research Transcriptions ensures full HIPAA compliance through independently audited annual reviews, staff training, and certifications. Our team undergoes quarterly training to stay current on regulations and best practices, ensuring secure workflows and unwavering security and confidentiality of protected health information.
CITI / NIH - Protecting Human Subject Research Participants
All Research Transcriptions transcribers who work on human subject research complete the Human Subjects Research Protection Training offered by CITI and/or the U.S. Department of Health and Human Services Office for Human Research Protections (OHRP). Training areas include:
- Data Management and Security for Student Researchers
- NIH Data Management and Sharing Policy for SBER: Implications for Researchers and IRBs
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records, ensuring that access to and sharing of these records comply with strict confidentiality standards.
Research Transcriptions is fully FERPA-compliant, with rigorous data security protocols and trained personnel to safeguard sensitive educational information. Our commitment to FERPA ensures that clients can trust us to securely handle protected student data.
EDUCAUSE:
HECVAT - FULL
The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a standardized questionnaire designed to evaluate vendors' security and data protection practices for higher education institutions, especially for cloud services. Developed by the Higher Education Information Security Council (HEISC) and EDUCAUSE, it ensures compliance with stringent privacy standards.
Research Transcriptions has completed the Full HECVAT, demonstrating our commitment to robust data protection and alignment with higher education security requirements.
GDPR
The General Data Protection Regulation (GDPR) sets strict standards for handling personal data within the European Union.
Research Transcriptions ensures compliance through comprehensive GDPR training for all personnel. Our program covers key principles like lawful data processing, minimization, and breach management. This training equips our team to handle data securely, protect individual rights, and maintain global privacy standards.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) sets strict guidelines for securing payment card data.
Research Transcriptions ensures PCI compliance by partnering exclusively with PCI-compliant credit card processors. We never store or take possession of credit card information. Our secure systems, encryption protocols, and ongoing staff training uphold the highest standards for safeguarding client financial transactions and data.
SOC-2 Certification Explained
Let's discuss your work!
Get it done right the first time with expert advice from over 20 years of experience. Avoid the disappointments and risks of AI and global workpools.
