1. Introduction

Welcome to Medlex Ltd. We are committed to protecting the privacy and security of the sensitive medical and personal information we process. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our medical transcription services at medlexltd.com.

2. Compliance Standards

As a medical transcription provider, we operate as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) for our US clients and as a Data Processor under the General Data Protection Regulation (GDPR) for our clients. We strictly adhere to the standards required to maintain the confidentiality, integrity, and availability of all data.

3. Information We Collect

  • Client Information: Name, email address, billing address, and professional credentials of healthcare providers or facilities.

  • Audio/Video Files: Dictations and recordings provided by clients for transcription.

  • Patient Data (PHI/PII): Information contained within dictations, which may include patient names, dates of birth, medical histories, diagnoses, and treatment plans.

  • Usage Data: IP addresses, browser types, and access times via our secure portal.

4. How We Use Information

We use the collected information solely to:

  • Provide accurate medical transcription and documentation services.

  • Securely deliver completed transcripts to the authorized healthcare provider.

  • Manage client accounts and billing.

  • Comply with legal obligations and quality control standards.

5. Data Security and Safeguards

We implement industry-leading technical, administrative, and physical safeguards:

  • Encryption: All data is encrypted at rest (AES-256) and in transit (SSL/TLS).

  • Access Control: Access to PHI is restricted to authorized transcriptionists and quality assurance staff on a “need-to-know” basis.

  • Secure Infrastructure: Files are processed and stored on HIPAA/GDPR-compliant secure servers.

  • Confidentiality Agreements: Every member of our workforce undergoes HIPAA training and signs a binding non-disclosure agreement (NDA).

6. Third-Party Disclosures

We do not sell, rent, or trade any personal or medical data. Data may only be shared with:

  • Sub-processors: Highly vetted contractors who assist in the transcription process under a signed Business Associate Agreement (BAA) or Data Processing Addendum (DPA).

  • Legal Authorities: Only when required by law to comply with a subpoena or similar legal process.

7. Data Retention and Disposal

We retain transcripts and audio files only for as long as necessary to fulfill the service or as required by medical record retention laws. Once the retention period expires, data is permanently deleted using secure electronic destruction methods.

8. Your Rights

Depending on your jurisdiction, you (or the data subjects you represent) may have the right to:

  • Request access to or copies of your data.

  • Request correction of inaccuracies.

  • Request deletion of data (subject to legal retention requirements).

  • Withdraw consent for data processing.