HIPAA Security & Privacy
Link Translations provides professional translation and interpretation services to healthcare organizations handling protected health information. When working with ePHI, we act as a Business Associate under HIPAA.
Last updated: March 1, 2026
How We Protect ePHI
Vetted Linguists
Our linguists are vetted and receive security training before being assigned to projects involving ePHI. They sign NDAs and BAAs, and their actions are subject to strict access controls.
Secure Upload
Clients upload documents through secure, encrypted connections. Linguists access and translate content within our secure platform.
No Email Transfers
At no point in the standard translation workflow does a linguist download or receive a document via email.
Policy Statement
Link Translations has taken and will continuously take reasonable and appropriate precautions to prevent, detect, contain, and correct security violations involving ePHI.
We implement reasonable and appropriate measures to limit access to ePHI only to those persons or automated processes that have been granted access rights based on their required functions. Linguists assigned to ePHI projects have completed HIPAA awareness training. All staff members with access to ePHI systems have received HIPAA training.
Principles
Our Security Officer maintains an inventory of projects involving ePHI and establishes a program to identify and mitigate risks. Risk analyses are conducted or updated:
Security measures are designed to:
Protect CIA
Protect the confidentiality, integrity, and availability of all ePHI we receive, maintain, or transmit.
Mitigate Threats
Protect against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of ePHI.
Prevent Misuse
Protect against any reasonably anticipated uses or disclosures not permitted by the HIPAA Privacy Rule.
Workforce Compliance
Facilitate workforce compliance with HIPAA requirements across all roles and functions.
Activity Reviews
Our Security Officer regularly reviews information system activity — including audit logs, system access records, and facility access records — to detect:
Security Incident Procedures
Our Security Officer develops, documents, and implements procedures to:
All documentation relating to potential and verified security incidents is retained for at least six years from the date of documentation.
Workforce Training
All workforce members with access to ePHI receive appropriate HIPAA training:
Business Associate Agreements
Link Translations executes Business Associate Agreements (BAAs) with all covered entities and subcontractors as required by HIPAA. These agreements outline our obligations for protecting ePHI and establish the permitted uses and disclosures of health information.
Physical & Technical Safeguards
Encryption
All ePHI is encrypted in transit (TLS 1.2+) and at rest using industry-standard encryption algorithms.
Access Controls
Role-based access ensures that only authorized personnel can access ePHI, with unique user identifiers and automatic session timeouts.
Audit Trails
All access to ePHI is logged and auditable, with records maintained for a minimum of six years.
Cloud Infrastructure
Our infrastructure runs on cloud servers that comply with HIPAA requirements, with physical access controls, environmental safeguards, and disaster recovery.
Backup & Recovery
Regular encrypted backups ensure data can be restored in the event of a system failure or disaster.
Exceptions
Any exceptions to this policy must be approved by Link Translations’ Security Officer and documented in writing.
Documentation & References
For official and updated information on HIPAA, please visit:
U.S. Department of Health & Human ServicesNeed a Business Associate Agreement?
For questions about our HIPAA compliance or to request a BAA, contact us:
Link Translations, Inc. · 66 Wynnewood Lane, Stamford, CT 06903