HIPAA for Medical Transcription: Where You Should Be By Now
The HITECH Act took effect last month, and many of you have written to ask what you should have done by now to be compliant. This post gives some highlights of where you should be. If you’re not there yet, now is the time to get it done, because not being there means you are out of compliance.
This list covers those who are independent contractors and/or business owners. Keep in mind that an independent contractor IS a business owner, so if you are an IC with a company of one, these rules still apply to you if you contract directly with a covered entity. If, however, you contract with a medical transcription service, then you are most likely a subcontractor to them. You still have to follow the rules, but what you are required by law to have in place is a tad different.
By now, you should have:
- Identified both a privacy and security officer for your company (this can be the same person, although it does not have to be).
- Performed a formal risk analysis of your systems, both for privacy and security.
- Put in place a set of formal written policies and procedures covering everything related to the privacy and security rules. Within the security rule, you must at least address every point in the specifications, even if you don’t institute them. When you do not institute something, your write-up must show why it was not reasonable for you to do so. In that justification, you also have to show why an alternative would not work.
- Outlined a strategy for disaster recovery and access to information in the event of a disaster.
- Conducted training on both privacy and security for your staff (and security training must be done annually, which should also be outlined in your policies).
- Updated your business associate contracts to add the new language required with the changes in the rules.
And that’s just the start of the list! If you haven’t started on this yet, NOW is the time to get something going. The law now requires audits to be done to be sure people are compliant, and you don’t want to be the one who gets audited and is found to have completely ignored the new rules.
What have you done in your workplace to be sure these things are in place?