HIPAA allows for 3rd parties via Business Associate Agreements. Almost all US medical records are farmed out to small scribing platforms in Pune India or The Philippines today for data entry, medical coding, Or billing.

Today most of this is done by small 200-500 person farms out of Pune, India or in the Philippines. The higher end places use US and Canadian based home âoedigital scribingâ labor. On the technical Medical Records end a lot of places are using RPA scripts to scrape mouse and keyboard entry back into the Medical Records System. Having been in this field for 20 years I can tell you many have rock-bottom quality IT security. They usually are using a combination of BYOD, shared google drives, Dropbox, etc to send around audio recordings of patents and physicians talking, and word docs of typed notes. They usually have the bare minimum of tracking in place, and routinely bypass it whenever no one is watching (itâ(TM)s basically a sweatshop labor on the race to the lowest bidder). So as much as there are security flaws, I trust Microsoft putting its billions on the regulatory line over tiny offshore companies outside of US legal jurisdiction. Unfortunately the US is one of the only countries that allows open offshoring of healthcare records⦠most other countries require it to only be processed by those that reside in the nations boundaries.