Dec 31, 2021

Making Sure Your Translation Provider Is Compliant

If you work in a field that handles personal data, like workers’ compensation, you’re likely familiar with data privacy and compliance. What may be less clear is that if you work with a translation service, it has to meet the same level of compliance you do.
After all, it doesn’t matter how compliant an organization is if a translator leaks private information.
And businesses share the responsibility (and consequences) of any mistake made by a translator they hire.
That is why screening your translators for compliance is integral to your reputation and financial stability.

The Consequences of Weak Compliance

Personal privacy is a serious matter. Leaking someone’s personal information removes their freedom of choice and exposes them to identity fraud.
As a result, there is legislation to protect personal information. One law that directly impacts medical and workers’ comp providers is the Health Insurance Portability and Accountability Act (HIPAA).


HIPAA requires that a patient’s protected health information (PHI) be secured so that the public and anyone uninvolved in the patient’s treatment cannot access it unless the patient indicates otherwise.
Translators working with patients are bound by HIPAA even though they aren’t official medical personnel, and businesses can lose hundreds of thousands in fines for HIPAA violations.
HIPAA has four tiers, with the fourth reaching a $50,000 fine per violation. You can receive fines of up to $1.5 million per year.
Financial penalties aside, it’s worth considering the damage to one’s reputation as well.


The General Data Protection Regulation (GDPR) is another law that may impact your compliance standards if you offer any service to the European Economic Area (EEA) or collect data on any EEA citizens. The EEA includes the European Union, Iceland, Liechtenstein and Norway.
GDPR works similarly to HIPAA to protect personal data but extends beyond the medical realm and carries even greater fines. Serious infringements may result in fines up to €20 million (about $22.6 million) or 4% of the firm’s annual revenue from the previous financial year.

How to Screen Translators for Compliance

When choosing a compliant translation service, you can ask about their general processes for maintaining compliance, but knowing how to dig deeper may be key to protecting your business. Ask any service you’re considering about the following areas to evaluate how seriously they take data security.

Non-Disclosure and Business Associate Agreements

Professional translators qualified to work in the legal or medical space should be familiar with non-disclosure agreements or business associate agreements and willing to sign one or the other.
A business associate agreement is a written agreement that details each party’s responsibility in protecting health information under HIPAA.
Non-disclosure agreements (NDAs) are legally enforceable contracts that prevent disclosing certain information. Breaking an NDA makes it possible to sue the violator for damages.

Systems and Technologies

The systems and technologies a translator uses to do their job also need to be compliant. Confirm that the translation service you’re considering uses secure management systems for all note-taking and document-sharing. One unencrypted email is enough to break compliance.
With regard to technology, it’s also wise to ask whether they rely on any open-source tools. Some translators use machine translation to speed up their process, but if the tool they use is open source, the system may have access to inputted information.

Certifications and Renewal

Compliance certifications are another great thing to look for when hiring a translator. Certifications prove that they or their partner technologies understand and meet the requirements necessary to protect personal data.

The International Organization of Standards (ISO) creates updated standards that providers should be certified in. At iLingo2, we have required our technology partner to obtain ISO 27001, ISO 27017 and ISO 27018 certifications, among others.
We recommend steering away if a translation service doesn’t have a single compliance certification. If it does, ask follow-up questions regarding certification renewal.
How long have they been certified? Do they renew their certifications regularly to stay up to date with current standards?

Staff Training and Subcontractor Screening

If you’re hiring a reputable service over an individual translator, ask about their staff and subcontractors.
All staff should be trained in compliance measures, maintaining privacy and using secure technologies.
Where staff are trained, temporary subcontractors may not be. If the company you hire uses subcontractors on occasion, ask about their screening process.

Incident Response

Prevention isn’t the only role of your business associates; there should also be plans for correction in case anything goes wrong. A business’s efforts to correct a breach are considered when deciding HIPAA fine tiers.
Ask about the steps translation services have in place to notify them when there is a breach and what their response plan looks like.

Protect Your Business From Hazardous Partners

Offering translated documents is no longer optional for medical, legal or insurance businesses. Not only do a growing number of people require translation to receive appropriate care and service, but in many instances, it’s illegal not to provide them.
As offering translation in-house is a complicated and expensive ordeal, many turn to external providers. But not all providers are created equal, and choosing one who fails to meet HIPAA standards creates risk.
If you’re looking for a compliant translation provider like iLingo2, the above questions will help. If you already have a provider, ask them these questions, too, if you haven’t already.