Data security and medical transcription are interconnected
Health care data breaches are becoming a regular occurrence. In fact, an Experian report forecasts that the health care industry will be the most susceptible industry “by far” for hackers in 2014.
Hospitals not only need to worry about securing data on their own servers, but also securing data that belongs to them but that is stored on the servers of a third party, such as a medical transcription service organization.
Such service providers are legally responsible for securing protected health information (PHI). Under the HITECH provisions of the Health Insurance Portability and Accountability Act (HIPAA), business associates are just as liable and contractually obligated to safeguard PHI as the provider. Both are subject to the same civil and criminal penalties. Even subcontractors of business associates face the same responsibilities and potential fiduciary and legal downsides.
Compliance with the HITECH provisions of HIPAA are greatly complicated, however, when MTSOs are offshore. That’s because foreign countries are not bound by U.S. law. HIPAA has no standing.
Even when outsourcing work to U.S.-based MTSOs, however, HIM directors need to do their due diligence. They need to make sure the companies with whom they work are taking all of the necessary precautions.
Protecting sensitive health information is priority one for Silent Type. We’ve built in a number of processes and measures that ensure the records we handle are closely guarded.
First, all of our work is performed by our own employees in the United States, and on company-secured equipment.
Second, Silent Type regularly undergoes two levels of service organization control (SOC) audits. The first level of audit identifies opportunities for fortifying our systems so they’re protected from a breach. With the second-level audit, a team of experts reviews our equipment and connections. This third-party audit report is available for customer review and shows we are in compliance with all HIPAA regulations.
Third, we also have a company-owned, company-secured data center—no one but authorized, HIPAA-trained employees have access—and host our own web-based document management system where documents are placed. This all ensures that Silent Type retains the tightest control over the records we keep.
We recognize the trust our clients place in us by using our services. By keeping our medical transcription services at home—and regularly scrutinizing and updating our security measures—Silent Type is working hard to safeguard sensitive health data.