Outsourcing transcription overseas comes with risks
In 2003, a woman in Pakistan hit the send button on a threatening email to the UC San Francisco Medical Center.
Unless the hospital paid her money she was owed from a medical transcription subcontractor, Lubna Baloch wrote, she would post confidential patient records on the Internet. And to make sure the administrators knew she wasn’t bluffing, she attached private discharge summaries for two UC San Francisco Medical Center patients, the San Francisco Chronicle reported.
This well-known case highlights the risks associated with outsourcing medical transcription overseas. At Silent Type, however, this has never been a risk we’re willing to take.
All of our work is performed by our own employees in the United States, and on company-secured equipment. This is an important distinction from a provider perspective because under the HITECH provisions of the Health Insurance Portability and Accountability Act (HIPAA), business associates are just as liable and contractually obligated to safeguard protected health information (PHI) as the provider. Both are subject to the same civil and criminal penalties. Even subcontractors of business associates face the same responsibilities and potential fiduciary and legal downsides.
Compliance with the HITECH provisions of HIPAA are greatly complicated, however, when MTSOs are offshore. That’s because foreign countries are not bound by U.S. law—HIPAA has no standing.
Even when outsourcing work to U.S.-based MTSOs, however, HIM directors need to do their due diligence. They need to make sure the companies with whom they work are taking all of the necessary precautions.
At Silent Type, we do a lot to ensure the integrity of our data security—a fact we’re always eager to share with our clients, for whom this issue is top of mind.
Protecting sensitive health information is priority one for Silent Type. We’ve built in a number of processes and measures that ensure the records we handle are closely guarded.
Silent Type regularly undergoes two levels of service organization control (SOC) audits. The first level of audit identifies opportunities for fortifying our systems so they’re protected from a breach. With the second-level audit, a team of experts reviews our equipment and connections. This third-party audit report is available for customer review and shows we are in compliance with all HIPAA regulations.
We also have a company-owned, company-secured data center—no one but authorized, HIPAA-trained employees have access—and host our own web-based document management system where documents are placed. This all ensures that Silent Type retains the tightest control over the records we keep.
We recognize the trust our clients place in us by using our services. By keeping our medical transcription services at home—and regularly scrutinizing and updating our security measures—Silent Type is working hard to safeguard sensitive health data.