Tuesday, October 4, 2011

How to outsource medical transcription and ensure HIPAA compliance during the process

HIPAA, Health Insurance Portability and Accountability Act, applies to medical transcription for protection of confidential personal health information of patients during the process of medical transcription. This data is especially vulnerable during the process of transmission. Now the HITECH act has improved and expanded on the concerns and issues raised by HIPAA

HITECH has improved and expanded on the concerns and issues addressed by HIPAA (Health Insurance Portability and Accountability Act). HITECH has added new requirements concerning privacy and security for health information that materially and directly affects many entities, businesses, and individuals in ways more diverse than HIPAA

How do HIPAA and HITECH regulations affect medical transcription service providers?

HITECH has added as ‘Business Associates’, organizations that transmit protected Health Information and require access on a regular basis to such information.

Medical transcription is the process of converting audio records of the patient-healthcare professional encounter into text format. The process of medical transcription is made efficient and cost effective when outsourced to a professional medical transcription service provider. Medical transcription service providers come under the purview of HITECH as business associates, as they have access to patient health information and are involved in the process of transmitting this data back and forth during the process of transcription.

What are the factors that need to be checked on to ensure that a medical transcription company is HIPAA and HITECH compliant during the process of outsourcing?

The process for evaluating HIPAA and HITECH compliance of the medical transcription company being outsourced to needs to cover the following points:

  • Whether the medical transcription company has identified the compliance requirements specific to their organization

  • Has the medical transcription company carried out a risk analysis that includes the total flow of Patient Health Information (PHI) during the process of transcription? This needs to include the beginning of the process, all the steps in between up to the conclusion of the process, namely:

  1. Collection of dictation
  1. Transmission of audio files
  2. Distribution of audio files for transcription
  3. Shared access for quality checks
  4. Transmission of transcripts back to the healthcare professionals
  5. Archiving

·                    One needs to evaluate whether the service provider has identified the high-risk areas and looked at the current risk containment measures. The measures need to be revised to ensure that they are in tandem with current requirements and latest technology, making sure there are no loopholes to allow for breaches
·                    It is important to ensure that the employees of the medical transcription company and any third parties having access to PHI are fully trained on the privacy and security requirements. Make them aware of their role in protecting PHI
·                    Does the medical transcription company review existing relationships between covered entities and develop a continuing compliance strategy?
·                    Has the medical transcription company developed a strategy to minimize breaches, an early detection plan for identifying breaches and an action plan for quick responses to contain breaches, if any?

Checking on all the above factors during the process of outsourcing medical transcription ensures that healthcare facilities and healthcare professionals are ensured of HIPAA and HITECH compliance throughout the process.

TransDyne, a leader in the outsourced medical transcription industry has always understood the importance of securing and protecting confidential patient health information during the process of medical transcription. Measures have been taken to ensure that PHI is protected at all levels. The measures taken by TransDyne to be HITECH complaint include:

Securing people and processes:  People and processes are secured by implementing the following:

  • No sub-contractors: Work outsourced to TransDyne is executed in-house and no subcontractors are used.
  • Educating the team: The transcription team, i.e. medical transcriptionists, proof readers, language editors and the quality assurance team have been educated on the importance of protecting and securing PHI
  • Inbuilt security routines: All applications and processes have inbuilt security measures like password changes, access audits and related exercises.
  • Joint access: Most confidential databases can only be accessed by a combination of passwords of a minimum of two individuals.
  • Restricted Internet and Email access: Unlimited access to Internet can lead to security breaches. Access is limited to a few limited sites.
  • Legal Declarations: Declarations are signed by employees undertaking to maintain the security of data.
  • Security audits: Frequent audits are carried out to ensure that all procedures are followed and are effective
  • Disabling ports for removable media: Ports for using removable media have been disabled to eliminate misuse of PHI

Securing Infrastructure:  Infrastructure is secured by the following means:

  • Company owned and managed facilities
  • Manned security
  • Video surveillance


Securing Technology: Technology has been secured by use of security features like

  • All medical transcription related software applications are built in-house. 
  • Database based systems.
  • 128-bit data encryption
  • Multi-tiered application architecture
  • Design level security safeguards
  • Firewall protected networks
  • Sterilized e-mail servers
  • Denial of access procedures and
  • Multi-modal alerts

TransDyne has used their extensive background in information technology and their experience in serving the needs of the healthcare sector to provide affordable and integrated medical transcription solutions.

Among the software and tools offered by TransDyne for transcription, the smart delivery system has a large role to play in easing the path to EMR/EHR adoption The Smart Delivery system, which has features like User defined folder paths to enable easy imports to EMR systems is the suggested mode of document delivery where pre-defined file saving would help import documents to EMR systems.  Apart from this TransDyne also offers discounted rates for those healthcare facilities that provide demographic data entered in the EMR rather than through other modes.

TransDyne offers quality medical transcription at reasonable prices, executed by experienced and qualified medical transcriptionists with a very quick turnaround time executed through secure HIPAA and HITECH compliant channels, with very high levels of accuracy and all this with technology that is advanced but easy to use!              

To avail complete medical transcription services from TransDyne, click here.

No comments:

Post a Comment