| Health Information Technology for Economy and | | | | - Identify the compliance requirements specific to |
| Clinical Health (HITECH) act providing for privacy | | | | their organization |
| and security of patient health information was | | | | - Carry out a risk analysis that includes the total |
| enacted on 17th February 2009, as part of the | | | | flow of Patient Health Information (PHI) during the |
| American Recovery and Reinvestment Act. | | | | process of transcription. This needs to include the |
| (ARRA). The HITECH act has become effective | | | | beginning of the process, all the steps in between |
| on 17th February 2010. | | | | up to the conclusion of the process, namely: |
| HITECH has improved and expanded on the | | | | |
| concerns and issues addressed by HIPAA (Health | | | | 1. Collection of dictation |
| Insurance Portability and Accountability Act). | | | | 2. Transmission of audio files |
| HITECH has added new requirements concerning | | | | 3. Distribution of audio files for transcription |
| privacy and security for health information that | | | | 4. Shared access for quality checks |
| materially and directly affects many entities, | | | | 5. Transmission of transcripts back to the |
| businesses, and individuals in ways more diverse | | | | healthcare professionals |
| than HIPAA | | | | 6. Archiving |
| How does HITECH affect medical transcription | | | | - Identify the high-risk areas and look at the |
| service providers? | | | | current risk containment measures. Revise the |
| HITECH has added as 'Business Associates', | | | | measures to ensure that they are in tandem with |
| organizations that transmit protected Health | | | | current requirements and latest technology, |
| Information and require access on a regular basis | | | | making sure there are no loopholes to allow for |
| to such information. | | | | breaches |
| Medical transcription is the process of converting | | | | - Ensure that employees and any third parties |
| audio records of the patient-healthcare | | | | having access to PHI are fully trained on the |
| professional encounter into text format. The | | | | privacy and security requirements. Make them |
| process of transcription is made efficient and cost | | | | aware of their role in protecting PHI |
| effective when outsourced to a professional | | | | - Review existing relationships between covered |
| service provider. Medical transcription service | | | | entities and develop a continuing compliance |
| providers come under the purview of HITECH as | | | | strategy |
| business associates, as they have access to | | | | - Develop a strategy to minimize breaches, an |
| patient health information and are involved in the | | | | early detection plan for identifying breaches and |
| process of transmitting this data back and forth | | | | an action plan for quick responses to contain |
| during the process of transcription. | | | | breaches, if any |
| What are the steps to be taken by a service | | | | While outsourcing medical transcription, it has |
| provider to ensure compliance with the HITECH | | | | become important for healthcare facilities to |
| act? | | | | ensure that the service provider is fully aware of |
| To be compliant with the HITECH act, the | | | | the requirement to protect the PHI under the |
| transcription service provider needs to implement | | | | HITECH act and have measures in place to |
| the following: | | | | ensure compliance. |