Is Parakeety HIPAA compliant?
Short answer: HIPAA compliance is a property of how a covered entity handles Protected Health Information, not a badge a product carries, and no software is "HIPAA certified" because no such certification exists. What can be said precisely about Parakeety is this: transcription happens on your Mac, and audio and transcripts are never transmitted anywhere, so no PHI crosses a network and no business associate relationship is created. There is nothing for a BAA to cover. Here is the reasoning, and the parts that stay your responsibility.
What HIPAA actually asks of a dictation tool
HIPAA regulates covered entities (clinicians, practices, hospitals, health plans) and their business associates: third parties that create, receive, maintain or transmit PHI on a covered entity's behalf. When a dictation vendor's servers transcribe your audio, that vendor is receiving PHI, and HIPAA requires a Business Associate Agreement binding them to specific safeguards and breach-notification duties. Dictating PHI to a cloud service without a BAA is a violation regardless of how secure the service is.
Notice what that question hinges on: does the vendor receive PHI at all? For cloud dictation the answer is structurally yes, because the speech model runs in a data center, so the audio has to get there. The compliance work then lives in the contract around that transmission. For dictation where the speech model runs on the Mac itself, the answer is no, and the whole business-associate apparatus has nothing to attach to.
Where Parakeety sits
Parakeety is in the second category, part of the wider field of speech-to-text that runs entirely on the Mac. While you hold the push-to-talk key, audio is captured into a memory buffer. On release, the buffer is transcribed by a speech model running on the Apple Neural Engine, the text is pasted at your cursor, and the buffer is discarded. Transcripts are not written to disk. There is no cloud transcription path, even as a fallback.
So at transcription time, no PHI is in transit, and no PHI comes to rest on anyone else's systems. The patient's name never leaves the room.
What the license check sends
The sharp reviewer's follow-up: the app does make network calls, so what's in them? Two things exist: a one-time speech-model download from huggingface.co at first launch, and periodic license checks that send your license key, a SHA-256 hash of your Mac's hardware ID, and your machine name to a small backend hosted by Supabase. No audio, no transcripts, no usage data, ever. Neither call can carry PHI, because the app stores no PHI that it could send.
The complete network story, with the reviewer checklist your IT department will want, is on the security page.
What stays your responsibility
On-device transcription removes the dictation vendor from your HIPAA picture. It does not remove your own obligations as a covered entity, and it would be dishonest to suggest otherwise:
- The Mac itself. The device is now the perimeter. FileVault on, screen lock that engages, and a plan for a laptop that gets lost or stolen.
- Where the text lands. The transcript pastes wherever your cursor is. Your EHR remains the system of record and its controls apply. Dictating a clinical note into an app that syncs to iCloud puts that note in iCloud; Parakeety kept the audio local, but the destination is your choice.
- Shared machines. The transcript also lands on the clipboard. On a shared workstation, that's worth knowing.
How this compares with the BAA route
The contractual model is legitimate and well-trodden: US health systems run cloud clinical software under BAAs every day. Wispr Flow offers a BAA on its enterprise tier, and Dragon Medical One is built around that model. In each case the audio leaves the machine and the contract constrains what happens to it afterwards.
The architectural model removes the question instead of answering it. For a sole practitioner, a small practice, or anyone whose information-governance review is easier to pass with "no PHI is transmitted" than with a vendor contract, that's the appeal. The full comparison of the two models, including where each one genuinely wins, is in HIPAA and dictation: architectural vs contractual privacy.
For how this plays out in a working day, Parakeety for clinicians and GPs and Parakeety for therapists and counselors walk through the same answer in the language of each role.
FAQ
- Is Parakeety HIPAA certified?
- No, because no software is. There is no official HIPAA certification; HHS does not certify products, and HIPAA compliance is a property of how a covered entity handles Protected Health Information, not a badge a tool carries. What can be said precisely is this: Parakeety transcribes on-device and never transmits audio or transcripts, so using it does not put PHI in transit to any third party.
- Do I need a BAA with Parakeety?
- No. A Business Associate Agreement governs a third party that creates, receives, maintains or transmits PHI on your behalf. Parakeety never receives your audio or transcripts; the speech model runs on your Mac and the result is pasted at your cursor. No PHI reaches the vendor or any subprocessor, so no business associate relationship exists and there is nothing for a BAA to cover.
- Can I dictate SOAP notes into Epic with Parakeety?
- Yes. Parakeety types wherever your cursor is, so it works in Epic the same way it works in any other Mac app: click into the field, hold the key, talk, release. There are dedicated guides on dictating into Epic and on dictating SOAP-format clinical notes, including a section-by-section template.
- Does Parakeety store my dictation history?
- No. Transcripts are pasted at the cursor and copied to the clipboard, and the audio buffer is discarded immediately after transcription. Nothing is written to disk; the debug log records only redacted lengths, never transcript content. The only record of what you dictated is the document you dictated it into.
Try it
Parakeety is a Mac menu-bar app. Hold a key, talk, release; your words paste at the cursor in whichever app you were typing into, your EHR included. Audio never leaves the machine, so there is no PHI to put under a BAA in the first place. There is a free 7-day trial with no card required. After that it is $30 once.