When it comes to using medical dictation services, healthcare professionals may have legitimate concerns about confidentiality and legal compliance. When converting medical content to text, transcriptionists are entrusted with sensitive patient health information (PHI), and are therefore required to provide HIPAA compliant dictation services.

What Is HIPAA?

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a federal statute that protects PHI. HIPAA laws are comprehensive and apply to:

• Healthcare clearinghouses
• Health plans
• Healthcare providers

There are key mandates of HIPAA that medical transcriptionists must follow, including the Privacy Rule, which sets national standards for disclosure of PHI, and the Security Rule, which defines the technical safeguards that must be used when transferring e-PHI (electronic protected health information).

Failure to comply with HIPAA standards can result in heavy civil and criminal penalties that are decided on a case-by-case basis, depending on which offense was committed.

HIPAA offenses include:

• Knowingly acquiring and disclosing identifiable PHI
• Knowingly acquiring and disclosing identifiable PHI under false pretenses
• Knowingly acquiring and disclosing identifiable PHI with the intent to sell or misuse the information for personal gain or commercial use

Medical Transcription and HIPAA Compliance

When outsourcing medical transcription, HIPAA’s Privacy Rule requires a formal agreement that guarantees the safeguarding of PHI. This contract is between a Covered Entity and a Business Associate, and is called a Business Associate Agreement (BAA). A Covered Entity could be a healthcare provider, for example. The Business Associate would be the transcription company or service being employed to perform HIPAA-compliant dictation services.

HIPAA requires that Covered Entities use specific measures to ensure proper safeguarding of PHI, including:

• Addressing confidentiality standards of the Business Associate
• Defining how the Business Associate should enforce privacy measures on technical and physical levels
• Minimizing the disclosure of PHI to the Business Associate as much as possible
• Obtaining written consent to use PHI from the individual whose information is being disclosed

As a result of technological advancements, it is now imperative Business Associates meet the security demands of Covered Entities under HIPAA and willingly enter into a BAA. To meet the requirements, Business Associates should provide encryptions or password protection when transferring audio files or transcribed content. These security measures apply to the Covered Entity and Business Associate.

Learn more about HIPAA for professionals at the Department of Health and Human Services.

Here at Preferred Transcriptions, we proudly provide HIPAA-compliant medical transcription services and routinely enter into BAAs with Covered Entities. We are happy to answer any security-related questions and assist you with your professional needs.

Contact us today to discuss our HIPAA security measures.