In October 2024, a medical assistant at a mid-sized Texas clinic used Google Translate to convert a discharge summary that included a patient's HIV status and psychiatric notes. The text traveled to Google's servers with no encryption guarantee, no audit trail, and no Business Associate Agreement in place. The clinic was looking at potential HIPAA penalties of up to $50,000 per record.
This is not an isolated mistake. Over 25% of U.S. residents speak a language other than English at home, and 8.4% have limited English proficiency. Under Section 1557 of the Affordable Care Act, covered healthcare entities are required to provide meaningful language access. The practical result is that staff routinely reach for the fastest available tool, which is usually a consumer translation app that transmits patient data to external servers.
The compliance answer is actually simple: to translate Protected Health Information legally, you need either (a) a signed Business Associate Agreement with your translation vendor, (b) human translators bound by confidentiality agreements, or (c) an offline AI system that never sends data outside your hardware. Consumer tools like Google Translate offer none of these. This guide lays out why, and what to do instead.
What counts as PHI in a document going to translation
PHI is any individually identifiable health information—electronic, paper, or oral—relating to a person's physical or mental health condition, healthcare provision, or payment. HIPAA's Safe Harbor method lists 18 identifiers that must be removed before a document can be considered de-identified. If any of these appear in a document you're about to translate, that document is PHI:
Names (patient, relatives, employers) · geographic subdivisions smaller than state · dates tied to an individual (birth, admission, discharge, death) · phone numbers · fax numbers · email addresses · Social Security numbers · medical record numbers · health plan beneficiary numbers · account numbers · certificate or license numbers · vehicle identifiers and license plates · device identifiers and serial numbers · web URLs · IP addresses · biometric identifiers · full-face photographs · any other unique identifying code
In practice, even routine documents clear the threshold quickly. An appointment confirmation reading "Maria Gonzalez's cardiology visit on March 15th at 2:30 PM" already contains three identifiers: a name, a date, and geographic information. A referral letter with "MRN 8473920" contains a medical record number linking to an entire patient history.
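To make the Safe Harbor threshold concrete, here is an added example (not from this page or any translation vendor) of a pre-translation gate that scans text for the identifiers that can be spotted mechanically and routes anything that trips one away from consumer tools. Names, geographic subdivisions, photographs and biometrics are not covered by these patterns, and the phone number and SSN used in the samples are constructed values.

```python
import re

# Patterns for the Safe Harbor identifiers that can be spotted mechanically.
# Names, geographic subdivisions, photographs and biometrics need a lookup or
# NLP pass and are deliberately not claimed here; these regexes are heuristics.
SAFE_HARBOR_PATTERNS = {
    "medical_record_number": re.compile(r"\bMRN\s*[:#]?\s*\d{5,10}\b", re.I),
    "social_security_number": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone_or_fax": re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "date": re.compile(
        r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}"
        r"|(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*\.?"
        r" \d{1,2}(?:st|nd|rd|th)?(?:,? \d{4})?)\b",
        re.I,
    ),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
}

def scan_for_phi(text: str) -> dict:
    """Map each Safe Harbor identifier class found in text to its matches."""
    found = {}
    for name, pattern in SAFE_HARBOR_PATTERNS.items():
        hits = [m.group(0) for m in pattern.finditer(text)]
        if hits:
            found[name] = hits
    return found

def route_document(text: str) -> str:
    """Pick a translation path: one detected identifier makes the text PHI,
    which may only go to a BAA-covered vendor or an offline tool."""
    if scan_for_phi(text):
        return "phi"      # offline AI or BAA-covered path only
    return "review"       # nothing detected, but a human still checks

if __name__ == "__main__":
    # Constructed samples modelled on the page's appointment and referral lines.
    for sample in (
        "Maria Gonzalez's cardiology visit on March 15th at 2:30 PM",
        "Referral for MRN 8473920, callback (512) 555-0147",
        "Please bring your insurance card to the front desk.",
    ):
        print(route_document(sample), scan_for_phi(sample))
```

A "review" result is not clearance: the patterns miss names and locations, so it only means the automated check found nothing, not that the document is de-identified.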
Why cloud translation tools fail the compliance test
When text containing PHI enters a cloud translation service, several HIPAA requirements are triggered at once: the data must be transmitted (encryption requirements), processed (access control requirements), potentially stored (retention and deletion obligations), and logged (audit trail requirements). Consumer platforms fail on all four counts.
No BAA is available. Google Translate, DeepL, and similar consumer services explicitly decline to sign Business Associate Agreements for their standard tiers. This is not a technicality—these platforms run business models that depend on using submitted content to improve their models, aggregate data for analytics, and process text on multi-tenant infrastructure where isolation cannot be guaranteed. Without a BAA, transmitting PHI to these services is an unauthorized disclosure under HIPAA.
No audit trail exists. HIPAA requires you to record and examine all activity in systems containing PHI: who accessed what, when, what they did, and whether data was exported. If you paste a patient's discharge summary into Google Translate, you cannot determine whether a Google employee accessed it, whether it was logged for machine learning training, or when—or whether—it was deleted. That absence of visibility alone disqualifies consumer tools from compliant workflows.
No enforceable encryption standard. Google Translate uses encryption, but it cannot guarantee end-to-end encryption where only your organization controls the decryption keys. HIPAA requires contractual guarantees and audit rights, not trust. Even if a vendor's security is excellent, you have no mechanism to verify it, enforce it, or prove it to an auditor.
No deletion enforcement. HIPAA requires you to enforce retention limits and obtain verifiable confirmation of secure destruction. Consumer services offer no certificates of destruction and no deletion timelines you can enforce.
What HIPAA's technical safeguards actually require
The Security Rule establishes four mandatory technical safeguards that apply directly to any system handling PHI, including translation tools.
Access controls. Systems must implement unique user identification, automatic logoff, and role-based access following the minimum necessary standard. Generic tools allowing anonymous use or shared logins fail immediately.
Audit controls. Hardware, software, and procedural mechanisms must record and examine all PHI activity. Logs must be retained for at least six years and available for compliance audits.
Transmission security. PHI transmitted electronically requires encryption in transit (TLS 1.2 or higher) and at rest (AES-256 is the typical standard), with verifiable key management.
Integrity controls. PHI must be protected from improper alteration or destruction, with mechanisms to confirm that data hasn't been modified without authorization.
Document risk tiers and appropriate translation methods
Not every document with PHI carries the same risk. Stratifying your translation workflow by document type lets you match security controls to actual exposure.
High risk — highest protection required. Psychiatric and mental health notes, HIV/AIDS records, substance abuse treatment documentation, genetic testing results, detailed clinical notes, and child abuse or domestic violence reports all contain PHI that, if disclosed, causes outsized harm to patients. For these documents: human translators with signed confidentiality agreements and BAAs, or offline AI systems with zero external data transmission.
Moderate risk. Lab results, imaging reports, medication lists, referral letters, and patient education materials for specific conditions contain identifiable PHI but less sensitive clinical information. BAA-backed cloud enterprise translation services can handle these if encrypted transmission, credentialed access, audit logging, and retention limits are all in place. Offline systems work for these too, without any external transmission risk.
Lower risk (still protected). Appointment reminders, billing statements, general scheduling communications, and non-patient-specific health education materials. Consumer tools remain non-compliant even for these. However, organizations have more room to use cost-effective options: template-based translations pre-approved by legal counsel, or offshore services with BAAs in place.
The three compliant paths
Human translation with a BAA. Human translators working under signed confidentiality agreements and BAAs provide HIPAA-compliant workflows, medical terminology expertise, and professional accountability. The main constraint is cost and speed. Professional medical translation runs $0.15–$0.30 per word; a standard 500-word discharge summary costs $75–$150 and takes 24–72 hours for common language pairs, longer for less common ones. A hospital serving 5,000 limited English proficiency patients annually, with each requiring an average of three translated documents, faces translation costs exceeding $300,000 per year.
Enterprise cloud AI with a BAA. Some translation platforms offer healthcare-specific tiers with signed BAAs, encrypted file transfer portals, role-based access, audit logs, and HIPAA-trained translators. These deliver AI speed without the categorical compliance failure of consumer tools, but they still involve external data transmission. You remain responsible for verifying the vendor's security posture through due diligence and periodic audits, and for enforcing retention limits contractually.
Offline AI. Translation software that installs directly on local hardware processes PHI without any external transmission. Because no data leaves the machine and no third party accesses PHI, you eliminate the BAA requirement entirely—the tool behaves like word processing software rather than a service provider. Translation takes seconds rather than days, and costs approach zero after initial licensing.
Transdocia is one option built specifically around this architecture. It runs entirely on Windows or macOS with no internet connection required—ever—and supports 54 languages in any direction. A few details relevant to healthcare workflows: it handles documents of any length without chunking (cloud competitors typically cap at a few thousand characters), it includes a two-way glossary for enforcing consistent medical terminology across documents, and it offers tone presets including Medical, Legal, and Simplified—useful when the same clinical content needs to go to both a specialist and a patient with low health literacy. On a 2017 Intel Core i5 laptop, a standard discharge summary processes in under 40 seconds. Licensing is one-time rather than subscription-based, which matters when you're doing volume translation across a large patient population.
Deploying offline translation: a configuration checklist
The steps below apply to any offline AI translation tool deployed on a dedicated workstation. If you're using Transdocia specifically, the software itself requires no configuration for network isolation—it has no network functionality to disable—so your setup effort is concentrated entirely on the hardware and OS controls below.
Hardware configuration. Designate specific workstations exclusively for translation. Physically disable or remove network adapters. Enable full-disk encryption (BitLocker on Windows, FileVault on macOS). Disable USB ports or implement strict device whitelisting. Set BIOS passwords to prevent unauthorized hardware changes.
Access controls. Create individual user accounts for each authorized translator. Enforce strong passwords and MFA where supported. Document all authorized users in compliance records.
Physical security. Locate translation workstations in restricted areas. Implement sign-in/sign-out procedures. Lock workstations at the end of each shift.
Workflow. Staff retrieve the PHI document from the EHR on a networked workstation, copy text to encrypted removable media, move to the isolated translation workstation, perform translation using offline software, copy the output back via encrypted media, upload to the EHR, and securely delete temporary files from both machines per your retention policy.
Logging and audit. Enable OS-level audit logging on translation workstations. Review logs periodically for unauthorized access attempts. Test incident response procedures at least annually.
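As an added example (not Transdocia's or any vendor's code) covering the audit and integrity safeguards described earlier and the logging step of this checklist: a hash-chained, on-workstation audit log in which each workflow step records who did what to which document (by digest only, so the log holds no PHI) and is bound to the previous record, so an altered or deleted entry is detectable at review time. The user name, action labels and document bytes are constructed.

```python
import hashlib
import hmac
import json
import time
from typing import List, Optional, Tuple

# Hypothetical on-workstation audit trail: each record carries the SHA-256 of
# the previous one, so an altered or deleted entry breaks the chain on review.
GENESIS = "0" * 64

def record_hash(record: dict) -> str:
    """Hash a record canonically (sorted keys, no whitespace), excluding its own hash."""
    body = {k: v for k, v in record.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def append_event(log: List[dict], user: str, action: str, document: bytes,
                 ts: Optional[float] = None) -> dict:
    """Append one workflow step. Only the document's digest is logged, never
    its text, so the audit log itself contains no PHI."""
    record = {
        "ts": time.time() if ts is None else ts,
        "user": user,
        "action": action,                 # import, translate, export, delete
        "doc_sha256": hashlib.sha256(document).hexdigest(),
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    record["hash"] = record_hash(record)
    log.append(record)
    return record

def verify_chain(log: List[dict]) -> Tuple[bool, int]:
    """Return (True, -1) if intact, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("prev") != prev or not hmac.compare_digest(record_hash(rec), rec.get("hash", "")):
            return False, i
        prev = rec["hash"]
    return True, -1

if __name__ == "__main__":
    # Constructed walk-through of the checklist workflow for one document.
    audit: List[dict] = []
    doc = b"constructed discharge summary text"
    for step in ("import", "translate", "export", "delete"):
        append_event(audit, "translator01", step, doc)
    print(verify_chain(audit))          # (True, -1)
    audit[2]["user"] = "someone-else"   # simulate an after-the-fact edit
    print(verify_chain(audit))          # (False, 2)
```

Write the records to an append-only file on the encrypted workstation disk and copy them off on the same removable-media path used for documents, so the six-year retention requirement is met even if the workstation is rebuilt.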
Because PHI processed on an air-gapped workstation never travels externally, a workstation compromise does not trigger breach notification obligations under HIPAA—there was no transmission to report.
Comparing approaches
| Approach | External transmission | BAA required | Speed | Estimated cost per document | Audit capability | Compliance status |
|---|---|---|---|---|---|---|
| Human translation | Depends on vendor | Yes | 24–72 hours | $75–$150 | Vendor-dependent | Compliant with BAA |
| Consumer cloud AI | Yes | Not available | Instant | Free | None | Non-compliant for PHI |
| Enterprise cloud AI + BAA | Yes | Yes | Instant | Subscription fee | Yes | Compliant with controls |
| Offline AI | None | No | Instant | One-time software cost | OS-level logs | Minimal risk |
Patient safety stakes beyond the regulatory exposure
The compliance risk is real, but patient safety is the more immediate concern. Studies document 35% higher medication dosing errors among limited English proficiency patients, and multilingual discharge instructions reduce 30-day readmission rates by 22% when professionally translated. General-purpose machine translation tools are not trained on medical terminology, so medication names, dosages, and clinical instructions are mistranslation risks on every document. Using non-compliant tools introduces both a HIPAA violation and a potential medical malpractice exposure at the same time.
Summary
Consumer translation tools are categorically non-compliant for PHI. They transmit patient data to external servers without BAAs, maintain no audit trails, offer no enforceable encryption guarantees, and use submitted content for model training. Pasting a patient record into Google Translate is an unauthorized disclosure under HIPAA regardless of the clinical stakes of the document.
Three compliant paths exist: human translation services with signed BAAs; enterprise cloud platforms with BAAs and healthcare-specific security controls; and offline AI translation that processes PHI on local hardware with no external transmission. Which path fits your organization depends on document volume, language diversity, PHI sensitivity, and IT resources.
For organizations handling high volumes of sensitive PHI—psychiatric hospitals, HIV/AIDS clinics, large multilingual patient populations—the offline path eliminates the most compliance complexity at the lowest ongoing cost. Transdocia is purpose-built for this use case: no internet connection, no BAA requirement, 54 languages, and medical terminology controls that general-purpose tools don't offer. Deploy it on network-isolated workstations with the controls described above, and you have a translation workflow an auditor can actually follow.