Medical transcription: What is meant by HIPAA compliant systems?

HIPAA protects the health insurance coverage of workers when they lose employment or change their employers. HIPAA also covers the privacy of identifiable health information (PHI- Personal Health Information) regardless of the format in which it exists, including electronic, written or verbal.

 HIPAA applies to:

• Health care providers
• Health plans
• Health care clearinghouses 
• Any such third parties that perform services involving PHI or exchange electronic data on behalf of the healthcare facility.

Under the last category HIPAA applies to medical transcription service providers, as they are involved in providing a service that involves the electronic transmission of PHI.

HIPAA and outsourced medical transcription

As already stated HIPAA applies to medical transcription because medical transcription is the process of creating records of the patient-healthcare professional encounter.  And the process of outsourcing medical transcription to a medical transcription service provider would involve:

• Uploading audio files  (narration of patient-healthcare professional encounter) to the server
• Transmission of audio files
• Downloading the audio files
• Transcribing the audio files
• Transmission of the finished transcripts
• Downloading the finished transcripts by the healthcare facility.

Considering the procedure involved security of data is applicable at all stages:

1. When Data is at rest: This would be safety of data when it is stored prior to transmission to the medical transcription service provider and when the finished transcripts are stored before transmitting back to the healthcare facility.

2. When Data is in motion: This would include safety of data during uploading audio files, transmission of audio files, downloading audio files and transmission of finished transcripts

3. When Data is in use:  This would involve safety of data when the audio files are being transcribed.

4. When Data is disposed:  This would involve safely disposing of defunct files in such a way to ensure that they are completely destroyed and cannot be accessed by unauthorized entities.

How does TransDyne ensure HIPAA compliance?

·       Use of the right systems and software: The use of 128-bit data encryption, multi-tiered application architecture, design level security safeguards, firewall protected networks, sterilized e-mail servers, denial of access procedures and multi-modal alerts safeguards data when it is at rest and when data is in motion.

·       Use of processes: Use of processes like company owned & managed facilities, not engaging any sub-contractors, employing manned security at the entry/exit points, round-the-clock video surveillance and the lack of removable storage media protect the data in use. The other measures taken for ensuring security of data in use are limiting the access to the application by User ID and an encrypted password. Access to files is limited based on the user's role. Once a user is logged in, if no activity is performed for certain time, the user is automatically logged out of the system. This ensures that there is complete security of data when it in use.

·       Educating people: Educating people on the importance and procedures for HIPAA compliance gives them a professional outlook. Having them give a commitment in writing further ensure HIPAA compliancy. This protects the data in all stages.

TransDyne believes in maintaining security standards that not only meet HIPAA standards, but also exceed them.  Not only HIPAA compliance of outsourced medical transcription services, TransDyne ensures accuracy of above 99%, guaranteed turnaround time of 24 hours with an option of 4-12 hour turnaround time for STAT reports at a very reasonable price!

To know more about the total TransDyne advantage please click here