MedQuist Inc. (Nasdaq: MEDQ), a leading provider of technology-enabled clinical documentation services, issued a statement today outlining its readiness for the extension of Health Information Portability and Accountability Act (HIPAA) security provisions in February 2010 to firms deemed "business associates" of healthcare providers, as well as the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act addressing the privacy and security of protected health information (PHI).
For the past several years, MedQuist has had standards and safeguards (Standards and Safeguards) in place to protect PHI for both domestic and offshore transcription work. MedQuist has continuously reviewed and strengthened its Standards and Safeguards to ensure HIPAA compliance, and requires that its domestic and offshore transcriptionists adhere to the Standards and Safeguards. These Standards and Safeguards distinguish the company from most other medical transcription providers, as highlighted by a recent survey by the Healthcare Information and Management Systems Society (HIMSS) Analytics group, which suggested that at least one-third of healthcare business associates -- specifically citing service providers of medical transcription -- are not aware of their need to meet strict new requirements.
Transparency, state-of-the-art technology, and a set of strict Standards and Safeguards are the key principles driving MedQuist's compliance with and adherence to the new accountabilities of the HITECH Act and those of a Business Associate now directly subject to HIPAA. Standards and Safeguards related to PHI have been implemented across the full range of the company's business operations, including:
Overall Business Process, Transparency & Architecture
Whether performed with domestic or offshore labor, unless otherwise specified by the customer, all transcription and editing work is processed through MedQuist's DocQment Enterprise Platform®, a centralized and secure workflow platform. This approach allows single-point control and visibility.
MedQuist has complete transparency with its customers relating to the production of its transcription -- the customer designates and knows whether work is to be performed domestically, offshore or both.
Offshore work is performed in a center-based model. Unlike many other offshore suppliers, no remote or home-based transcription is permitted, in order to maintain strong security control.
MedQuist utilizes an independent accounting firm to perform an ongoing audit of its offshore operations and performance to ensure compliance with its Standards and Safeguards.
Physical Security
MedQuist's offshore physical locations deploy a host of security tools. These include biometric access and identity checks to facilities and equipment, facility access rules and limitations on a 24/7 basis, and rigorous logging procedures.
Technical Security
MedQuist's entire IT infrastructure supporting its service operations is independent, secure, and fully documented.
Access to workstations and servers is controlled through a combination of unique login/password settings, biometrics, and prohibitions on e-mail, instant messaging, and printer access.
Damaged hard drives and electronic media are handled according to DOD 5220 standards for electronic data shredding, or physical destruction when shredding is not possible. All MedQuist hardware is subject to full control logging.
Human Resources & Auditing
All employees are required to execute PHI confidentiality agreements.
All MedQuist partners execute a business associate agreement.
An ongoing training program has been established on HIPAA requirements.
MedQuist assigns a privacy compliance specialist to its own business partners to ensure that privacy and security standards are upheld.
"As one of the leading global transcription services firms in healthcare, we have been uniquely focused on setting the highest standards for our people and our systems," says Peter Masanotti, MedQuist CEO. "We believe we have the most comprehensive and strongest privacy and security program in the transcription services industry. The Standards and Safeguards that we have established position us to meet the requirements of the HITECH Act and to continue to meet the requirements of HIPAA."
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment