
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
was the result of efforts by congressional healthcare reform proponents
to reform healthcare. The HIPAA legislation has four primary objectives.
Assure health insurance portability by eliminating job-lock due to
pre-existing medical conditions
Reduce healthcare fraud and abuse
Enforce standards for health information
Guarantee security and privacy of health information
Of the four primary objectives, the fourth objective has the most
impact on medical transcription.
What is the deadline for HIPAA compliance?
The rule requires that healthcare organizations, insurers, and payers
that have been using any electronic means of storing patient data
and performing claims submission must comply with this rule by
April 14, 2003. Since medical transcription deals with electronic
means of handling and storing patient data, April 14, 2003 is the
deadline by which a medical transcription service organization (MTSO)
must comply with the HIPAA requirement.
What are the important requirements of HIPAA for a medical
transcription company?
MTSOs must be able to support two requirements.
Ensure the security and confidentiality of the patient’s Protected
Health Information (PHI), and
Maintain an audit trail of all individuals who have had access to the
PHI.
This means that transcription service providers must implement
technology and business processes in their operation to support
these two key requirements.
Can the Internet be used for medical transcription and still meet
HIPAA requirements?
Yes, as long as the MTSO uses encryption and password protection to
prevent unauthorized access to the PHI. Dictation done over a
telephone does not need to be encrypted. However, voice files
transmitted by portable recorders should be encrypted prior to
transmission over the Internet.
Transcribed documents must be sent back to the healthcare provider
in a secure manner using encrypted email or a secure Web site or may
be faxed with a disclaimer statement explaining the confidential
nature of the document.
If tapes are used to record dictations, will this meet HIPAA
regulations?
This may cause a problem. There is no easy way to create and verify
an audit trail of who has had the tape and who listened to the PHI
on the tape. If the tape is lost, one cannot guarantee the security
of the information on it.
Who and what is a Covered Entity and a Business Associate?
HIPAA defines a Covered Entity (CE) as a health plan, a healthcare
clearinghouse, or a healthcare provider who transmits any health
information in electronic form in connection with a HIPAA
transaction. A physician’s office or medical clinic would fall under
the category of a Covered Entity.
A Business Associate (BA) is a person or organization that performs
a function or activity on behalf of the Covered Entity (CE), but is
not a part of the covered entity’s work force. A medical
transcription service provider would be classified under the
definition of a Business Associate.
Who is liable for privacy violation under HIPAA?
Civil and criminal penalties can be imposed for noncompliance with
HIPAA. These penalties are imposed on Covered Entities (e.g.
healthcare providers) but are not directed against Business
Associates (e.g. medical transcription service organizations).
Healthcare providers should ask their transcription company about
their privacy and security regulations and ensure that they are
contractually obligated to comply with these regulations.
What rights does the patient have under HIPAA?
HIPAA provides the patient with many new rights in relation to their
healthcare documentation. Some of them are:
Review his or her entire medical record
Request changes within documentation, which can be denied by the
physician for specific reasons
Request documentation of every time his or her PHI was accessed,
along with the identity of the individual accessing the document and
the specific reason for doing so
Know how much of the PHI was shared
Know what the facility’s (Covered Entity’s) policies and procedures
are for security and privacy
When the patient becomes aware of these rights, you should be
prepared to deal with any legitimate requests the patient may have.