At Star Transcriptions, protecting Patient Healthcare Information (PHI) is our highest priority, along with providing high transcription accuracy and rapid turn-around delivery. To achieve this goal, we have policies in place for:
- Securing office premises and equipment.
- Training employees and holding them accountable for safeguarding PHI.
- Instituting security measures for electronic data interaction (EDI).
Some of the measures we have taken are:
1. At our partner facilities, we have 24X7 security personnel manning offices.
2. We process all transcription work in our own offices and have no sub-contractors, so patient information doesn't leave our offices.
3. All external drives, including floppy disk drives, are disabled on each computer.
4. Our computers require passwords to start Windows and another password to access Word files.
5. We have firewalls and antivirus software on all computers, and we update virus definitions frequently.
6. Any paper copies of reports and patient schedules are cross-cut shredded on site.
7. Monthly back-ups of computer systems will be done and stored in a locked outbuilding on our
8. All facilities are equipped with smoke alarms and fire extinguishers.
9. We currently require all our employees to sign a confidentiality and non-disclosure agreement.
10. We maintain up-to-date contractual agreements with our partners and business associates.
11. We have instituted security measures to protect the security and integrity of protected information according to HIPAA guidelines (Department of Health & Human Services Standards for Electronic Transactions 45 CFR Parts 160 and 162 dated Aug 17, 2000).
12. All client-related information is handled with secure 128-bit SSL encryption when using the Internet.
13. The entire chart delivery and management system operates through secure 128-bit SSL encryption with Verisign certification.
14. Star Transcriptions has administrative procedures in place to guard data integrity, patient confidentiality, and document availability (Information Access Control and Access Authorization).
15. To prevent unauthorized use, security devices are employed to prevent theft and/or vandalism of any information stored on our systems.
16. Technical evaluations are performed on a routine basis to make sure all systems meet or exceed specified security requirements.
17. All persons, administrators and transcriptionists alike, who have access to any sensitive information, patient records, voice files, etc., have the appropriate clearances and have signed confidentiality agreements.
18. We have provided privacy, security, and confidentiality awareness training to our entire workforce. Our compliance decisions are based on sound business practices and meet and exceed HIPAA.
19. All our vendors, such as the FTP site, web-hosting company, ISP, digital conversion company, etc., must be HIPAA knowledgeable and compliant.