Is Apple Dictation HIPAA compliant?
Short answer: not in the sense a clinical procurement team usually means by "HIPAA compliant". Apple does not provide a Business Associate Agreement for built-in macOS Dictation. On modern Apple Silicon Macs many languages are processed on-device, which is a meaningful privacy property, but the absence of a BAA means any practice whose compliance posture requires a contractually bound vendor relationship cannot rely on Apple Dictation for that purpose.
The HIPAA gap with Apple Dictation
HIPAA puts two related obligations on a covered entity dictating clinical notes. First, the data path needs to be appropriate for Protected Health Information. Second, where a third party processes that PHI, a Business Associate Agreement needs to be in place that binds them to specific safeguards.
Apple Dictation arguably handles the first obligation reasonably well on modern Apple Silicon Macs, where many languages are processed on-device. It does not handle the second one at all, because Apple does not offer a BAA for built-in macOS Dictation. There is no vendor counterpart to negotiate the BAA with, and consequently no enforceable contractual posture to rely on if a compliance review asks.
The on-device variability
The on-device part of the story is real but not uniform. Apple has steadily moved dictation processing onto the Neural Engine for supported languages on supported Macs, and on a modern MacBook running a current macOS, dictation in mainstream languages does not require an internet connection.
For older Macs, less common languages, and certain longer-form dictation behaviours, Apple has historically routed audio through its servers. The exact threshold is not always documented at the level of detail a compliance officer would prefer. "On-device for our specific Mac and language" is a finer-grained answer than "on-device" by itself.
In a context where a regulator or insurer asks for evidence that PHI did not leave the device, "Apple’s documentation says it doesn’t in most cases" is a weaker answer than "the architecture does not transmit audio at all".
What this means in practice
For casual dictation of non-clinical text into Notes or Messages on a modern Mac, Apple Dictation is fine. For Protected Health Information that needs to fit a HIPAA-compliant posture, it sits in an awkward middle: not contractually compliant because there is no BAA, and not architecturally consistent because the on-device guarantee varies.
Most practices that need a HIPAA-compliant dictation tool on Mac end up at one of two answers: a cloud transcription service with an advertised BAA (Wispr Flow enterprise, for example, or for Windows-based workflows Dragon Medical One), or an on-device dictation app whose architecture removes the BAA question from the conversation entirely.
The architectural alternative
Parakeety runs Parakeet TDT v3 on the Apple Neural Engine for every supported language on every Apple Silicon Mac. There is no server fallback, no mode where the audio path changes depending on Mac generation. Audio is captured to memory, transcribed locally and discarded. The BAA question does not arise because there is no business associate processing the audio.
The architectural-vs-contractual framing for HIPAA dictation is covered in "HIPAA and dictation: architectural vs contractual privacy". The product comparison is in "Parakeety vs Apple Dictation".
FAQ
- Can I use Apple Dictation for clinical notes containing PHI?
  Apple does not offer a Business Associate Agreement to developers or users for built-in macOS services like Dictation. That alone makes Apple Dictation an awkward fit for any practice whose compliance posture requires a covered relationship with the dictation vendor. On modern Apple Silicon Macs many languages process on-device, which reduces the practical transmission risk, but the on-device guarantee depends on the language and the Mac generation, and the absence of a BAA leaves the contractual side unresolved.
- Is Apple Dictation on-device?
  On modern Apple Silicon Macs running a recent macOS, many supported languages are processed on-device. For older Macs, some languages, and in some longer-form dictation modes, Apple has historically routed audio through its servers. The exact behaviour varies and is not always self-evident from the system settings.
- What about HealthKit-related products from Apple?
  Apple offers covered-entity routes for some specific products and developer programmes, but built-in macOS Dictation is not one of them. The BAA-backed routes are typically for healthcare-focused APIs and not for a general-purpose system dictation feature available to all users.
- Is there a Mac dictation tool with a clearer HIPAA story?
  Parakeety transcribes locally on the Apple Neural Engine consistently across all supported languages, with no server-side fallback path. The audio never leaves the Mac, so the BAA question does not arise. Whether that architectural answer is sufficient for your compliance regime depends on your obligations; some teams require a contractually-binding vendor relationship and would procure an enterprise cloud transcription service with an advertised BAA instead.
Try Parakeety
Parakeety is a Mac menu-bar app. Hold the section key, talk, release; your words paste at the cursor in whichever app you were typing into. Audio never leaves the machine. There is a free 7-day trial with no card required. After that it is $30 once.