The HITECH Act took effect last month, and by now medical transcriptionists should have implemented steps for compliance. This article highlights where you should be by this time. If you’re not there yet, now is the time to get it done, because until you do, you are out of compliance.
This list covers those who are independent contractors and/or business owners. Keep in mind that an independent contractor IS a business owner, so if you are an IC with a company of one, these rules still apply to you if you contract directly with a covered entity. If, however, you contract with a medical transcription service, then you are most likely a subcontractor to them. While you do still have to follow the rules, it’s a tad different in what you are required by law to have in place.
By now, you should have:
- Identified both a privacy and security officer for your company (this can be the same person, although it does not have to be).
- Performed a formal risk analysis of your systems, both for privacy and security.
- Created a set of formal written policies and procedures for all of the things related to the privacy and security rules. Within the security rule, you must at least address every point in the specifications even if you don’t institute them. When you do not institute something, your documentation must show why it was not reasonable for you to do so. In that justification, you also have to show why an alternative would not work.
- Outlined a strategy for disaster recovery and access to information in the event of a disaster.
- Conducted training on both privacy and security for your staff (and security training must be done annually, which should also be outlined in your policies).
- Updated your business associate contracts to add the new language required with the changes in the rules.
And that’s just the start of the list! If you haven’t started on this yet, NOW is the time to make that move. Be sure you learn now what you must be doing so you are not found to be non-compliant. The law now requires audits be done to be sure people are compliant and you don’t want to be the one who gets audited and is found to have completely ignored the new rule.
Kathy Nicholls has been involved in the medical transcription industry for over 30 years and is currently the president of the HIPAA4MT Site [http://hipaa4mt.com], which offers guidance for medical transcriptionists and medical transcription companies on compliance with HIPAA and the HITECH Act. Nicholls is also the published author of the “Stedman’s Guide to the HIPAA Privacy Rule,” and is working on the second edition of that book. She is a certified medical transcriptionist and a Fellow of the Association for Healthcare Documentation Integrity.