Dic2Doc HIPAA Compliance
This is to put on record that Dic2Doc adheres to all the HIPAA regulations related to Electronic Transmission of PHI (Patient Health Information). We use the best technologies for handling Protected Healthcare Information (PHI) and enabling secure Medical Transcription workflow, adhering to all the applicable and relevant HIPAA norms. The PHI we handle on behalf of our clients exists in two forms, viz. audio and (transcribed) documents. All client / patient data, audio file storage, transcribed document file storage, data storage and document management either conforms to or exceeds HIPAA regulation norms. To elucidate this further, we have explained below the security arrangements that we have made and how they are brought into play at various levels of the work that we help you carry out on our platform.
At Dic2Doc, the emphasis on security starts right at the first point of contact with our prospective clients. So, when a prospective client first signs up to use our service, we ask them to enroll using a sign-up module which is specifically designed to capture the client's details. This module has a double-layered security protection. The entire data capture is secured by the Secure Socket Layer (SSL) and encryption technology provided to us by "Thawte". The client's financial information is captured in this SSL environment, but here the protection and security is further strengthened by the extremely stringent "SecurityMetrics" security service. After the data is captured, its storage on our server too is safeguarded by "SecurityMetrics".
Your clients, i.e. the end users of our dictation recording service platform, have two options to send their audio files. They can do so by using one of the following two methods:
1) Our Dial In Dictation Recording Server(s) use dedicated Toll Free Numbers (TFN) not known to the external world. So, these TFNs are known only to you and your clients. Additionally, each dictator is issued / allocated a unique access code (AC) for accessing our toll free dictation recording system. This TFN and AC act like a username and password combination. So, each individual dictator needs to know the toll free number and access code combination to be able to access and use our dictation system. It is impossible to access the server if that combination is not available.
2) Alternatively, they can send us audio files recorded on a digital hand held recorder using our SFU, which is also secured by the SSL and encryption technology provided to us by "Thawte". It acts like a shield against any form of hacking or data theft attempts.
All Dic2Doc servers are protected by their individual firewalls, which prevent unauthorized access and shield our servers from all kinds of online vulnerabilities. This makes our dictation recording server(s) extremely safe and secure. Additionally, all our servers are password protected, so only the authorized person is granted access for administration, backup and maintenance purposes. Password protection also helps in restricting unauthorized access to data and other resources present on the servers. Since random access is prohibited, it automatically rules out unauthorized viewing, editing, printing, deleting, or copying of any files / data from our servers. We have extensive logging of all transactions to prevent, detect and restrict all possible security breaches.
Once the files are recorded, we use an encryption mechanism which encrypts the recorded files before they are transmitted through the Internet. The transmission is through secure and dedicated (not shared) web space solely managed and used by Dic2Doc. This is done in exactly the same manner as in SFU (explained above): transcribed files too are transferred with the protection rendered by the SSL and encryption technology provided to us by "Thawte".
The transcribed documents are archived on a secure server which, like the dictation server, is directly under our control. Each client is given a specific Username (UN) and Password (PW) combination using which they can access their reports from our website. Amongst all the data transmission methods, we discourage our clients from using emails, although transmission by fax continues to be a safe alternative. Safeguarding the PHI after it is downloaded by you or your clients is the sole responsibility and prerogative of the one who downloads it. We also have policies to handle the task of deleting and purging PHI from our archives when a customer cancels the service.
Our systems are regularly monitored and subjected to internal audits. Technical evaluations are performed on a routine basis to make sure all systems meet specified security requirements as outlined in our internal policies.
On the employee front, access to PHI (Patient Health Information) is provided based on the rank of a person within the organization. Each individual employee has a distinctly different set of rights and priorities based on that individual's rank and position. All employee access configurations are stored securely on the work flow processing server. This server is also programmed to keep a time-audit-trail of all the individual employees who access the PHI. So, in short, each individual employee is given only as much access as is necessary for completing their task, and whatever an employee does with that information is recorded on the company's central database server. We also have established procedures and policies in place for closing system access to outgoing employees. All entry, login and access rights are removed when an employee parts ways with the company.

