
Latest HIPAA Settlements Draw Attention to Criticality of HIPAA Compliant Medical Transcription Services

Recent incidents that attracted increasing HIPAA scrutiny by the HHS highlight the need for caution when choosing a medical transcription service provider.

MTS Transcription Services 8596 E. 101st Street, Suite H Tulsa, OK 74133 www.medicaltranscriptionservicecompany.com

(800) 670 2809


Reliable third-party providers of medical transcription services know that there is no compromise when it comes to HIPAA compliance. Health IT reports that hybrid entities are coming under increasing HIPAA scrutiny by the Office for Civil Rights in the Department of Health and Human Services (HHS). Hybrid entities are those that engage in activities that fall both inside and outside of HIPAA. These entities are responsible for clearly and accurately defining their covered and non-covered components. The report highlights the case of the University of Massachusetts at Amherst which, as a hybrid entity, had to pay a fine of $650,000 due to a malware attack that compromised 1,670 records that included names, addresses, Social Security numbers and more. The breach occurred due to UMass’s failure to properly designate its components when establishing the scope of HIPAA compliance for purposes of hybridizing.

According to the Centers for Medicare and Medicaid Services, HIPAA-covered entities include all individuals and organizations that electronically transmit any health information in connection with transactions which fall under the HHS’ adopted standards. Under CMS’s definition, medical transcription outsourcing companies fall under the category of business associates (BAs). As they help HIPAA-covered entities carry out their healthcare activities and functions by receiving and transcribing medical documents, they are bound by HIPAA rules. Healthcare organizations outsourcing medical transcription need to be extremely cautious about choosing their BAs. Failure to do so could pose risks of a HIPAA breach, hefty fines, and most important, loss of credibility.

Medical transcription related breaches frequently make headlines. In May 2016, HIT Consultant reported on a major hospital breach at the Children’s National Medical Center which involved a former associate that provided medical transcription services between May 2014 and June 23, 2014. According to the report, on February 25, 2016, Children’s National found that a “misconfigured file site that contained patient information allowed access from the Internet to transcription documents for as many as 4107 patients via a File Transfer Protocol (FTP) server from February 19, 2016 to February 25.” Though they were contractually obligated to do so, the BA had failed to delete all Children’s patient information after the association ended. This incident clearly indicates the risks inherent in business associate relationships and the need for healthcare providers to manage those relationships. In fact, according to a 2016 Ponemon survey in which 38% of the 535 respondents were BAs:


- On average, every participating organization experienced one cyber attack per month over the past 12 months
- Over 30% experienced between 6 and 50 cyberattacks
- Just under half had incidents involving loss or exposure to patient information
- Over 70% of the respondents experienced exploits of existing software vulnerabilities and malware attacks
- 50% or more had also faced zero-day attacks, spyware, and lost or stolen devices
- About two-thirds of all respondents felt their organizations’ cyber security position was not effective

Nearly half (45%) of the participants said that BA agreements do not do enough to ensure the security of patient information. The important lesson that these incidents provide is that healthcare entities should take care to choose an experienced and reliable HIPAA-compliant medical transcription service company. Reliable BAs are attentive to their obligations when they undertake to perform medical transcription. They know that they are just as morally, legally, and financially liable for breaches as covered entities. Such companies adhere to HIPAA guidelines and standards to ensure that patients’ health related information is well protected. Their staff is trained on HIPAA and PHI regulations, devices on which transcripts are produced and stored have strong virus protection, and all file transfer is encrypted.
