The thrust of this article seems to be that the important thing is that automatic transcription services be compliant with unspecified “governance standards”. It goes on to give a generally glowing review of a specific medical transcription service:

This software, Accurx Scribe, has been developed and deployed in line with all current NHS England requirements for AVT, and there is no suggestion this product breaches any rules, standards or guidance.

Indeed, the company which developed it meets weekly with NHS England on creating a standardised approach to scale the benefits across the NHS.

However their website seems to indicate that their privacy practices are garbage as transcriptions are implied to happen on company servers:

At Accurx, our employees may need to see patient data that we store for for strictly limited purposes.

This seems pretty absurd to me since the technology is at the point where effective on-device transcription is a reality. Why look at whether bureaucrats have rubber stamped something instead of looking at the actual commonsense properties of who has access to the data? That could easily be the doctor and no one else. The question of what constitutes good security and privacy isn’t even something this article wants to bring up for consideration.