Medical transcription outsourcing: Going the HITECH way!

Health Information Technology for Economy and Clinical Health (HITECH) act providing for privacy and security of patient health information was enacted on 17^th February 2009, as part of the American Recovery and Reinvestment Act. (ARRA). The HITECH act has become effective on 17^th February 2010.

HITECH has improved and expanded on the concerns and issues addressed by HIPAA (Health Insurance Portability and Accountability Act). HITECH has added new requirements concerning privacy and security for health information that materially and directly affects many entities, businesses, and individuals in ways more diverse than HIPAA

How does HITECH affect medical transcription service providers?

HITECH has added as ‘Business Associates’, organizations that transmit protected Health Information and require access on a regular basis to such information.

Medical transcription is the process of converting audio records of the patient-healthcare professional encounter into text format. The process of medical transcription is made efficient and cost effective when outsourced to a professional medical transcription service provider. Medical transcription service providers come under the purview of HITECH as business associates, as they have access to patient health information and are involved in the process of transmitting this data back and forth during the process of transcription.

What are the steps to be taken by a medical transcription company to ensure compliance with the HITECH act?

To be compliant with the HITECH act, the medical transcription service provider needs to implement the following:

Identify the compliance requirements specific to their organization

Carry out a risk analysis that includes the total flow of Patient Health Information (PHI) during the process of transcription. This needs to include the beginning of the process, all the steps in between up to the conclusion of the process, namely:

1. Collection of dictation
2. Transmission of audio files
3.  Distribution of audio files for transcription
4. Shared access for quality checks
5.  Transmission of transcripts back to the healthcare professionals
6. Archiving

Identify the high-risk areas and look at the current risk containment measures. Revise the measures to ensure that they are in tandem with current requirements and latest technology, making sure there are no loopholes to allow for breaches

Ensure that employees and any third parties having access to PHI are fully trained on the privacy and security requirements. Make them aware of their role in protecting PHI

Review existing relationships between covered entities and develop a continuing compliance strategy

Develop a strategy to minimize breaches, an early detection plan for identifying breaches and an action plan for quick responses to contain breaches, if any

While outsourcing medical transcription, it has become important for healthcare facilities to ensure that the service provider is fully aware of the requirement to protect the PHI under the HITECH act and have measures in place to ensure compliance.

TransDyne a leader in the outsourced medical transcription industry has always understood the importance of securing and protecting confidential patient health information during the process of medical transcription. Measures have been taken to ensure that PHI is protected at all levels. The measures taken by TransDyne to be HITECH compliant include:

Securing people and processes:  People and processes are secured by implementing the following:

1.     No sub-contractors: Work outsourced to TransDyne is executed in-house and no subcontractors are used.

2.     Educating the team: The transcription team, i.e. medical transcriptionists, proof readers, language editors and the quality assurance team have been educated on the importance of protecting and securing PHI

3.     Inbuilt security routines: All applications and processes have inbuilt security measures like password changes, access audits and related exercises.

4.     Joint access: Most confidential databases can only be accessed by a combination of passwords of a minimum of two individuals.

5.     Restricted Internet and Email access: Unlimited access to Internet can lead to security breaches. Access is limited to a few limited sites.

6.     Legal Declarations: Declarations are signed by employees undertaking to maintain the security of data.

7.     Security audits: Frequent audits are carried out to ensure that all procedures are followed and are effective

8.     Disabling ports for removable media: Ports for using removable media have been disabled to eliminate misuse of PHI

Securing Infrastructure:  Infrastructure is secured by the following means:

Company owned and managed facilities

1.     Manned security

2.     Video surveillance

Securing Technology: Technology has been secured by use of security features like

1. All medical transcription related software applications are built in-house. 
2. Database based systems.
3. 128-bit data encryption
4. Multi-tiered application architecture
5. Design level security safeguards
6. Firewall protected networks
7. Sterilized e-mail servers
8. Denial of access procedures and
9. Multi-modal alerts

TransDyne offers quality medical transcription at reasonable prices, executed by experienced and qualified medical transcriptionists with a very quick turnaround time executed through secure HIPAA and HITECH compliant channels, with very high levels of accuracy and all this with technology that is advanced but easy to use!          

To avail complete medical transcription services from TransDyne, click here.