Constant technological advancements combined with health care providers who struggle to contain costs means that health care organizations are outsourcing their transcriptions to medical transcription service organiztions. MTSOs typically hire or contract with medical transcriptionists (MTs), many of whom work at home. Dictations of medical records are literally in the homes of MTs nationwide, but this process is legal and secure due to the 1996 Health Insurance Portability and Accountability Act (HIPAA) privacy rule.
Privacy, Confidentiality and Privilege
If you've been to any health care organization lately, among the piles of paperwork you completed was a form that required you to name individuals authorized to access your health records. That form is part of HIPAA. An understanding of HIPAA regulations and patient privacy rights regarding health information requires delineation be made between privacy, confidentiality and privilege. Privacy is a state of mind where one has control over disclosure of self or personal information. According to the American Association for Medical Transcription, “privilege means legal protection against being forced to violate confidentiality in a legal proceeding, such as by disclosing confidential records.” Confidentiality involves an established relationship in which private information has been shared.
HIPAA Privacy Rule
The privacy of health information is the core of HIPAA regulations. The HIPAA privacy requirement mandates that health care providers and others (MTSOs and MTs) who process medical information employ procedures to protect patient privacy and confidentiality. Some states have stricter privacy policies than HIPAA ,and that means it is in the best interest of MTSOs to abide by the higher standard. According to the U.S. Department of Health and Human Services, its Office for Civil Rights enforces the HIPAA Privacy Rule.
HIPAA Security Rule
The Office for Civil Rights states the HIPAA Security Rule establishes “a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.” For example, when patient files are sent back and forth between an MT and the MTSO, the medical information is encrypted, or coded, to prevent the information from being readable should it be intercepted by an unauthorized user. In addition, MTSOs use security access measurements such as usernames and passwords known only to the MT and MTSO.
HIPAA and MTSOs
MTSOs are considered a “covered entity” in that these organizations process identifiable patient health information and, therefore, are responsible for maintaining confidentiality and privacy of those medical records. In addition, the patient’s data may only be used or disclosed via the patient’s written authorization. HIPAA imposes substantial administrative requirements on covered entities to protect patient privacy. One of the requirements is that the MTSO enter into a written agreement with business associates who manage identifiable patient medical information. In effect, HIPAA applies indirectly to MTs who contract with MTSOs.
HIPAA and Medical Transcription
The written agreement between MTs and MTSOs is called the business associate agreement. The MT, considered the business associate, must abide by the same privacy rules imparted by HIPAA on the MTSOs. The American Association for Medical Transcription suggests omitting identifying information of the patient within the body of the medical report, which is differentiated from the headers. For example, instead of using the patient’s actual name, although the doctor may dictate it, the MT should write, “the patient.” In addition to the patient’s name, identifying information includes address, date of birth, dates of admission and discharge, phone numbers, Social Security numbers, and more. Transcribed reports and digital voice files should be retained only for as long as necessary to conduct business.
References
- "The AAMT Book of Style for Medical Transcription"; American Association for Medical Transcription; 2002
- U.S. Department of Health and Human Services: Health Information Privacy
- U.S. Department of Health and Human Services: Understanding Health Information Privacy
