HIPAA Compliance and Data Security

A health care provider that conducts certain transactions in electronic form, as a covered entity, is responsible for the privacy and security of protected health information (PHI). Therefore, PHI that is being shared must be protected under a business associate agreement 1, 2 which establishes that an outsourcing organization protect such PHI in the same way as the covered entity.

Commitment / Statement of Policy

Trans-Pacific is committed to strictest compliance with current HIPAA regulations by ensuring that all transmission and handling of information is done securely from end-to-end of the data handling process. All client-related information sent through the Internet is handled through secure systems integrating a minimum of 128-bit encryption. Transmission is handled through a variety of secure protocols that may be customized according to a client's particular preference.

All transcription work is accomplished within Trans-Pacific's facilities under a battery of requisite controls including Administrative Policies, Operational Procedures, Physical Safeguards and Technical Security combined with verifiable audit trail and tracking to ensure compliance with HIPAA.

Administrative Policies

Trans-Pacific administrative policies are designed to ensure data integrity, patient confidentiality and consistent availability for our business partners. These policies are constituted by implementing documentation that forms the framework of our verifiable information security procedures.

Administrative policies include:

  • Business Associate Contracts executed in accordance with the U.S. Department of Health & Human Services, Office of Civil Rights, National Standards to Protect the Privacy of Personal Health Information
    • To establish that any PHI transmitted and handled at any step in the delivery of services is processed with the same requisite level of data protection as the covered entity from which data is originating
    • This agreement is executed with our USA offices, located at 9500 7th Street, Suite P, Rancho Cucamonga, CA 91730 and is further executed to encompass our Philippines Offices at 2206 Prestige Tower, Emerald Avenue, Pasig City, Philippines.
    • This also provides an initial step in audit and accountability tracking
  • Confidentiality and Proprietary Information (CPI) Agreements for data handling and staff responsibilities and accountabilities including:
    • Precluding any duplication or reproduction of all PHI and related information
    • Precluding any unauthorized use, direct or incidental, about potential and actual customers and their information
    • Precluding any disclosure to any unauthorized entities during employment and at anytime after separation from the company for whatever reason.
    • Precluding contact of any customers for a period of one year from separation from the organization
  • Trans-Pacific Operations handbook
    • Delineating general operational procedures including data security procedures
  • Operations Guidelines and Updates issued periodically or as necessary
    • Delineating operational procedures including specific data security procedures and client-specific guidelines

Physical

Trans-Pacific facilities are built to ensure data integrity incorporating multiple and redundant physical security measures to prevent unauthorized access from primary to subsequent levels to all assets including facility premises, operations areas, data servers and individual workstations. These measures include 24-hour armed security services, use of ID cards, redundant physical locks, biometric access recording & logs and on-site as well as remote monitoring by administration personnel. Operations server databases are housed inside further physically-secured facilities as well as in off-site locations accessed by secure software with inherent protection capabilities as detailed in the Software Transmission section.

Software Transmission

Trans-Pacific data transmission software packages are built and designed to ensure data integrity. These packages incorporate multiple and redundant software security measures to prevent unauthorized access to data using a minimum of 128-bit encryption over multiple software platforms for internet transmission including Secure Socket Layer (SSL) technology. Higher levels of encryption, if desired, also are available.

[1] Business Associate Contract in accordance with the U.S.Department of Health & Human Services, Office of Civil Rights, National Standards to Protect the Privacy of Personal Health Information.
http://www.hhs.gov/ocr/hipaa/contractprov.html

[2] A covered entity is permitted to disclose PHI to a business associate if the covered entity obtains satisfactory assurances in the form of a written contract or agreement that the business associate will "appropriately safeguard" the information. Section 164.504(e) of the rule sets out the requirements for the business associate's agreement. One provision of the agreement must be the business-associate explicit agreement to ensure that any agents or subcontractors to whom it provides PHI agree to the same restrictions and conditions about using and disclosing the PHI that the business associate itself agreed to (see section 164.504(e)(2)(ii)(D) of the rule).

[3] The process of encryption hides data or the contents of a message in such a way that the original information can be recovered through a corresponding decryption process. Encryption and decryption are common techniques in cryptography, the scientific discipline behind secure communications. -Bradley Mitchell, About Computing and Technology

All medical transcription work is managed through as much as a three-tiered verification process that includes review by certified Unites States Medical Licensing Examination-certified physician review before the finished product is delivered to our clients. On-going training and cross-section reviews between teams of medical transcriptionists and editors are conducted regularly in pursuit of constantly improving the quality level of our work.

At Trans-Pacific, our primary focus is customer satisfaction. We keep ourselves challenged through proactive involvement with our product development process. In addition to computers equipped with high quality sound cards and headphones, our Transcriptionists have access to the latest editions of books in all specialties, including dictionaries, drug indexes, textbooks on internal medicine, pharmacology, surgery and laboratory diagnostics. Although we strive to use the best technology available, we never forget that the best solutions come from collaboration our customers who know what is best.
© 2007 Trans-Pacific Medical. All Rights Reserved.