What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a result of congressional healthcare reform. HIPAA legislation has four primary objectives.

1. Assure health insurance portability by eliminating job-lock due to pre-existing medical conditions

2. Reduce healthcare fraud and abuse

3. Enforce standards for health information

4. Guarantee security and privacy of health information

The fourth objective is that which most pertains to Medical Transcription operations and services.

What are the important requirements of HIPAA for a medical transcription company?

Medical Transcription Services must be able to support two requirements.

1. Ensure the security and confidentiality of the patient's Protected Health Information (PHI)

2. Maintain an audit trail of all individuals who have had access to a PHI. This means that transcription service providers must implement technology and business processes in their operation to support these two key requirements.

Can the Internet be used for medical transcription and still meet HIPAA Requirements?
The internet is a powerful tool that can be used for audio file upload and text file download as long as the MTS uses encryption and password protection to prevent unauthorized access to the PHI. Dictations done via telephone do not need to be encrypted. However, voice files transmitted by portable recorders should be encrypted prior to transmission over the Internet. Transcribed documents must be sent back to the healthcare provider in a secure manner using encrypted email or a secure FTP site or may be faxed with a disclaimer statement explaining the confidential nature of the document.

If cassette tapes are used to record dictations, will this meet HIPAA regulations?
This may cause a problem. There is no easy way to create and verify an audit trail of who has had the tape and who listened to the PHI on the tape. If the tape is lost, one cannot guarantee the security of the information on it.