Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA), signed into federal law in 1996, sets national standards regarding security and privacy of a person's health information and defines provisions for electronic data interchange.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a result of congressional healthcare reform proponents to reform healthcare.

The HIPAA legislation has four primary objectives.

• Assure health insurance portability by eliminating job-lock due to pre-existing medical conditions.
• Reduce healthcare fraud and abuse.
• Enforce standards for health information.
• Guarantee security and privacy of health information.

Of the four primary objectives, the fourth objective has the most impact on medical transcription.

Typing Services of Houston

Typing Services of Houston is committed to providing the highest level of security, integrity, and privacy of confidential health information. Every effort is taken to ensure the confidentiality of every document we transcribe. We provide end-to-end encryption of all voice and data files transmitted to strictly adhere to HIPAA requirements. Our internal procedures for privacy and security meet and exceed all HIPAA regulations related to Electronic Transmission of Patient Information. While transcribing dictations, we adhere to and follow the norms prescribed in the "Book of Style" for Medical Transcription by the American Association for Medical Transcription.

Can the Internet be used for medical transcription and still meet HIPAA requirements?

Yes, as long as the MTSO uses encryption and password protection to prevent unauthorized access to the PHI. Dictations done on a telephone do not need to be encrypted. However, voice files transmitted by portable recorders should be encrypted prior to transmission over the Internet. Transcribed documents must be sent back to the healthcare provider in a secure manner using encrypted email or a secure FTP site or may be faxed with a disclaimer statement explaining the confidential nature of the document.

Privacy:

• We will not provide access to any files on our system to any other person other than those authorized by the originator of the dictation.
• We will not release any files directly to a patient.
• The responsibility for enabling the patients to control their health records including access, disclosures, "minimum necessary" standard, consent and authorization, etc. resides with the medical professional who initiated that document.

What is the deadline for HIPAA compliance?

The rule requires that healthcare organizations insurers and payors that have been using any electronic means of storing patient data and performing claims submission must comply with the this rule by April 14, 2003. Since medical transcription deals with electronic means of handling and storing patient data, April 14, 2003 is the deadline by which medical transcription service organization (MTSO) must comply with the HIPAA requirement.

What are the important requirements of HIPAA for a medical transcription company?

MTSOs must be able to support two requirements.

• Ensure the security and confidentiality of the patient’s Protected Health Information (PHI),
• Maintain an audit trail of all individuals who have had access to a PHI. This means that transcription service providers must implement technology and business processes in their operation to support these two key requirements.