Security and confidentiality

Babbletype understands the confidential nature of the information you share with us, and takes extensive steps to ensure it is protected. This page outlines the tools, policies and procedures Babbletype uses to ensure the security of client and respondent information.

File management strategy

Babbletype uses a variety of cloud-based storage systems to receive information from and share information with clients, and to share with team members during production. All storage systems we use feature secure, redundant, geographically distributed data centers with physical security and uninterruptible power supplies. Our storage systems provide control over user, file and directory-level access. All activity is logged in audit trails, and all changes are tracked. 

Babbletype’s file systems are divided into two separate domains: files used in production of your work and files shared with you. 

For each project, we create a unique shared directory to which only you, others you request to be included, and Babbletype management have access. All files are stored using 128-bit or 256-bit AES encryption, and are accessible via HTTPs connections only. SSL (secure sockets layer) and TLS (Transport Layer Security) are implemented for all data access.

All information assets we receive from you, and fulfill to you, are placed in this directory for permanent storage and your exclusive use. On project completion, you can request deletion of the secure contents of the project directory at any time, or retain for long-term access.

Babbletype’s production environment provides transcriptionists, translators, proofreaders and related workers with temporary access to audio files, transcripts and supporting materials while transcripts are being worked on, then removes access after completion. All Babbletype transcripts are created online, in tools and documents controlled Babbletype, minimizing any local data footprint. Thereafter, production files are temporarily retained in secure archives available only to Babbletype management for a limited period (to allow rapid access for any additional needed work), and are then deleted. 

Anonymization, randomization and obfuscation

Babbletype works to amplify security through anonymity, randomization and obfuscation of customer and end-client information. We anonymize all customer data, so that production workers who do not need that information cannot access it, and anonymize all worker information, such that workers on a project do not know the customer or each other. Excluding skill-driven requirements, work is randomly distributed, such that no single worker has extensive access to the data related to an entire project. We also obfuscate identifiable customer or end-client information wherever possible, including file names, templates and supporting information. 

Approach to HIPAA

Babbletype exclusively produces written transcripts from audio source data received from clients. There are only three potential locations where personally-identifiable patient information may be contained: supporting documentation received from the client, audio files received from the client, and the written transcripts Babbletype produced for the client. With regard to supporting documentation, Babbletype’s policy is to review, and if necessary, edit all received supporting documents for all personally identifiable patient information, so that any such potential HIPAA security risks are never placed on any Babbletype system. If a document containing personally identifiable information is received, Babbletype stores only the edited, redacted version of the document, and deletes the source emails containing the original information. With regard to audio recordings, Babbletype sets all received audio recordings to be automatically deleted from the company’s storage systems 60 days from the date of receipt, so that no audio from any client is stored long term. All such audio content is stored in secure, encrypted, company-controlled cloud storage systems, and contractors are trained to delete any local copies of such recordings immediately following completion of the work requiring the audio. With regard to transcripts, Babbletype trains contractors and documents procedures so that no personally identifiable patient information is ever captured in a transcript captured by Babbletype. All storage providers used by Babbletype are HIPAA certified. 

Production security

Babbletype’s recruitment processes ensures that all workers are properly identified, and that all staff and contractors working on customer files have signed confidentiality agreements setting out requirements for non-disclosure of customer information and requiring deletion of all client-owned information after work completion. All contractors are trained to delete all notes, audio files and other locally stored materials on completion of work, and in the non-capture of personally-identifiable patient information.