Is SuperWhisper HIPAA compliant?
Short answer: it depends on which of SuperWhisper’s many model options you have configured, and whether you use the AI cleanup features. The local Whisper variants keep audio on the Mac; the cloud model options and AI cleanup features route audio or transcript text to third-party providers. SuperWhisper does not currently advertise a Business Associate Agreement on its consumer tier, so any cloud path inside the app is outside a HIPAA-compliant arrangement.
Why "it depends" rather than yes or no
SuperWhisper’s defining feature is the model menu. Inside one app you can pick a local Whisper variant of a chosen size, a Parakeet model, or hand transcription off to a cloud LLM provider through bring-your-own-key (commonly OpenAI or Anthropic). Layered on top is an AI cleanup feature: the raw transcript can be passed to an LLM that reformats it as an email, a code comment, a summary or a structured note.
That richness is the product’s appeal for many users, but it complicates the HIPAA conversation. Two adjacent uses of the same app can have very different data paths. The audio leg and the post-processing leg need to be evaluated independently.
The cloud paths inside SuperWhisper
When SuperWhisper is configured to use a cloud model for transcription, audio is sent to that provider’s API. When the AI cleanup feature is on, the transcript text is sent to the configured LLM provider. Either of those paths introduces a third party that, under HIPAA, would need a Business Associate Agreement in place if Protected Health Information is involved.
For clinical use, the practical implication is that you cannot rely on SuperWhisper’s consumer tier as a HIPAA-compliant dictation tool unless you have set up a covered relationship with the downstream LLM provider yourself and disabled the features that would route data outside that relationship. That is achievable for some practices and unwieldy for most.
The local-only path
If you configure SuperWhisper to use a local Whisper model and disable the AI cleanup features, the audio is processed on the Mac and the transcript stays local. The HIPAA evaluation then resembles that of any local clinical software: endpoint security, device management, encrypted disk. There is no business associate in scope for the audio leg because no audio is leaving the device.
The trade-off with that configuration is that you give up the parts of SuperWhisper that make it different from other on-device dictation apps. At that point, a single-purpose on-device dictation app is the cleaner shape of product.
The smaller-surface alternative
Parakeety has one model (Parakeet TDT v3) running in one place (the Apple Neural Engine) with no AI cleanup features. There is no model picker to misconfigure and no cloud post-processing toggle that might be flipped on by accident. For a practice that wants the smallest possible compliance surface for everyday clinical dictation, that simplicity is the architectural answer.
The architectural-vs-contractual framing is in "HIPAA and dictation: architectural vs contractual privacy". The full product comparison is "Parakeety vs SuperWhisper".
FAQ
- Can I use SuperWhisper for clinical work involving PHI?
  It depends on which model you pick inside SuperWhisper. If you stay on a fully local Whisper variant and avoid the AI-cleanup features, the audio stays on the Mac. If you pick a cloud model (the OpenAI or Anthropic options offered through bring-your-own-key) or use the AI cleanup features that route the transcript through a cloud LLM, you are sending Protected Health Information to a third party, which needs a Business Associate Agreement that SuperWhisper does not currently provide on a consumer tier.
- Does SuperWhisper offer a Business Associate Agreement?
  Not as a self-serve consumer feature. SuperWhisper is marketed primarily to individuals, and the consumer tier does not advertise a BAA. For clinical practices that need a contracted vendor relationship for HIPAA compliance, that is the gap.
- What about the bring-your-own-key cloud models?
  BYOK shifts the data path to whichever LLM provider you authenticate against. The provider would then need a BAA covering the calls SuperWhisper makes on your behalf, and you would need to use them under that agreement. OpenAI and Anthropic do offer enterprise tiers with BAAs, but that is a separate procurement from the consumer SuperWhisper subscription.
- Is there a Mac dictation app that avoids this question?
  Parakeety runs a single local model on the Apple Neural Engine and has no AI cleanup features or cloud model options. The audio leg and the post-processing leg both stay on the Mac because the post-processing leg does not exist. For practices that want a smaller compliance surface, that simplicity is the point.
Try Parakeety
Parakeety is a Mac menu-bar app. Hold the section key, talk, release; your words paste at the cursor in whichever app you were typing into. Audio never leaves the machine, and there are no cloud AI features to worry about. There is a free 7-day trial with no card required. After that it is $30 once.