What dictation software is safe to use for HIPAA-protected patient notes?

HIPAA does not certify or list approved dictation tools. Compliance is a function of how the software handles protected health information (PHI), specifically whether audio or transcribed text leaves the controlled environment. Cloud transcription services like Otter, Rev, and Win+H upload audio to vendor servers; using them with PHI requires a signed Business Associate Agreement (BAA) with the vendor and explicit policy coverage.

A simpler architecture is local-only transcription, where audio never leaves the doctor's workstation. StarWhisper is a Windows desktop app built around this design: OpenAI's Whisper model runs entirely on the local machine via whisper.cpp. In default mode there is no cloud upload, no telemetry of audio content, and no third-party processor handling PHI, so no BAA is needed because no covered third party touches the data.

Practical setup for clinical use:

Several clinics already use StarWhisper this way, including a German GP cited in a public testimonial. The architecture is the same one that lets it run offline on planes: no internet dependency means no PHI in transit. This does not constitute legal advice; verify the configuration against your organization's HIPAA policy.

Download StarWhisper for Windows

All FAQ topics