Is MacWhisper HIPAA compliant?
Short answer: the local transcription path keeps audio on the Mac, which sidesteps the usual cloud-business-associate question for audio. The optional AI features (summaries, chat over a transcript) route text to cloud LLM providers and are a separate compliance question. MacWhisper does not currently offer a Business Associate Agreement, so for any practice that requires a contractually binding HIPAA arrangement with the vendor, this is not the shape of product to procure.
What MacWhisper actually does
MacWhisper is a Mac app for transcribing audio and video files locally, with Whisper models bundled on-device. Drag in a recording, pick a model, get a transcript out. Over time it has added dictation, batch processing, AI summarisation and team features. The centre of gravity is still files-in-transcripts-out.
For the audio-to-text leg, transcription runs locally. The audio is not transmitted to MacWhisper’s servers or anyone else’s; a Whisper model on your Mac does the work. That part of the workflow is structurally similar to Parakeety’s: a local speech model, no cloud round-trip for the audio.
Where the HIPAA conversation gets complicated
MacWhisper bundles AI features around the transcript: ask-questions-of-the-transcript, summarisation, format conversion. These features call out to cloud LLM providers (OpenAI, Anthropic and others depending on configuration) and send the transcript text to those providers as part of the prompt.
For non-clinical content this is convenient. For PHI, it is the same compliance step a clinician would have to take for any other cloud LLM handling Protected Health Information: you need a BAA in place with the LLM provider, and you need MacWhisper as the intermediary to also have a covered relationship for the data it is passing through. Neither of those is a self-serve checkbox today.
If you only ever use the local transcription path and disable the AI features, the audio side of the workflow stays on-device. The compliance posture is then about disk encryption, device management and ordinary endpoint hygiene, the way any other locally-running medical software would be evaluated.
The shape of an on-device alternative
Parakeety takes the local-transcription approach without the cloud-LLM features bolted on. Audio is captured to memory, transcribed on the Apple Neural Engine, pasted at the cursor and discarded. There are no AI summarisation features that would route transcript text to a third-party model provider, so the surface area for a compliance review is smaller.
The cornerstone piece, "HIPAA and dictation: architectural vs contractual privacy", walks through how the two compliance postures differ, and which one fits which kind of practice. The full product comparison is in "Parakeety vs MacWhisper".
How to decide
- Local transcription only, no AI features. MacWhisper’s audio path stays on the Mac. Treat it like any locally-running clinical software.
- You want AI summarisation of clinical notes. Cloud LLMs handling PHI need a BAA. Self-serve consumer tiers will not be the right route.
- You want push-to-talk dictation rather than file transcription. Parakeety is the more direct fit and has no cloud post-processing to evaluate.
- You need a contractually compliant arrangement with the vendor. Procure an enterprise cloud transcription service with an advertised BAA, not a consumer Mac app.
FAQ
- Can I use MacWhisper for clinical work that involves PHI?
- MacWhisper does not currently advertise a HIPAA-compliant tier with a Business Associate Agreement available to covered entities. For the core local transcription path the question of "is PHI being disclosed to a third party" does not arise in the same way as it does for a cloud service, because audio stays on the Mac while a local Whisper model processes it. The complication is the auxiliary AI features (summaries, chat over a transcript) that send transcript text to cloud LLM providers; those features would not be appropriate for unencrypted PHI without a vendor agreement covering them.
- Does the local Whisper path in MacWhisper count as HIPAA-safe?
- For the audio leg, broadly yes: a local Whisper model on your Mac is not a business associate, so the audio path does not introduce a third party. The hazard is what you do with the transcript afterwards. If the transcript is summarised or chatted-over through a cloud LLM inside MacWhisper, the summary path is a third-party processor and needs to be covered under a BAA the same as any other cloud service handling PHI.
- What about MacWhisper Pro and team tiers?
- Paid tiers unlock larger Whisper models and additional features. They do not, at the time of writing, advertise a BAA-backed HIPAA-compliant deployment in the way enterprise cloud transcription services do. If your practice needs a contractually compliant arrangement with the vendor, MacWhisper is not the shape of product offering that today.
- Is there a cleaner option for on-device clinical dictation on Mac?
- Parakeety is a push-to-talk dictation app whose entire surface stays on the Mac. There are no AI summarisation or chat-over-a-transcript features that route text to cloud LLM providers, so the privacy surface is smaller than apps that bundle local transcription with cloud-based post-processing. The architectural framing is in "HIPAA and dictation: architectural vs contractual privacy".
Try Parakeety
Parakeety is a Mac menu-bar app. Hold the section key, talk, release; your words paste at the cursor in whichever app you were typing into. Audio never leaves the machine, and there are no cloud AI features to worry about for clinical content. There is a free 7-day trial with no card required. After that it is $30 once.