HIPAA and HITECH: What’s a Medical Transcriptionist to do?
Medical transcriptionists have been dealing with HIPAA rules for quite some time now. Long before HIPAA, we understood the need for confidentiality when it came to the records we transcribe. HIPAA came in with much less of a bang than anticipated for many of us as we found that the things we now were “supposed” to do were things we were already doing.
In February 2010, the HITECH Act became effective, which has had great impact on the HIPAA Privacy and Security Rules. It needs some more specific addressing than what I believe we are currently seeing in our industry. Because of that, and because I am in the process of updating my HIPAA book that I did in 2005, I have started a website specifically to talk about HIPAA, HITECH, and how it impacts our industry. There are several things available there, including some upcoming training on these new laws, for MTs, for employers, and for businesses who now find themselves trying to figure it all out.
In the past week, I received an agreement in the mail for a company where I had been doing some consulting work as an independent contractor. Mind you, it’s not transcription, but the company does do things in the industry. The agreement was a “new” business associate agreement, which identified me as a business associate and the company (a technology vendor) as a covered entity. After a lot of back and forth dialogue, I chose not to sign the agreement and to discontinue our relationship. Why is that? Prior to the changes with the HITECH Act, it may not have mattered as much what we were called. Sometimes independent contractors were called contractors, sometimes agents, sometimes subcontractors, and yes, sometimes even business associates. Now it matters! If you are a business associate, you have a long list of things you need to be sure you have in place. You have to do risk analyses of the security of your systems, you have to have written policies and procedures, and the list goes on and on. Most ICs that I know don’t go to that detail.
I’ve heard people saying “this won’t be any different than HIPAA so why bother?” Here’s a little bit of why: The law now requires that audits be conducted to be sure covered entitities AND business associates are compliant. The law requires an annual report to Congress about how many audits were done, what fines were levied, and if no fines, an explanation. It also requires an annual evaluation for recommendations for changes. I don’t want to find myself having signed something that has misclassified me and having someone knock on my door one day to do an audit of my practices.
I hope medical transcriptionists will sit up and take notice. This stuff is important and it IS different than what we have been working with in the past.
I hope you will join me at HIPAA4MT as we wade through making sense of all of the new regulations and how they apply to us. There, you can signup for the mailing list and receive updates as they are available on the site. There are a couple of posts there already so you can get started reading. Hope to see you there!
Have you seen changes in your workplace in the last month related to HIPAA and HITECH? You should have, even if it’s training in how things are different now! Let’s chat about it by submitting your comments here.
Related posts:
- HIPAA and the HITECH Act: Are you Ready?
- HIPAA and HITECH Training and MT Week
- Medical Transcription: H is for the HITECH Act
- HIPAA Book Update
- Proposed HIPAA Changes Impact Independent Contractors
Tagged with: HIPAA compliance • HIPAA privacy rule • HIPAA Security rule • HITECH Act • medical transcription and HIPAA
Filed under: Professional Development • Technology
Like this post? Subscribe to my RSS feed and get loads more!
I am an independent contractor and work in a home office. Except for when my husband is on his computer sometimes in the evenings, I’m in there by myself. I don’t keep any printed documents, so there is no identifying information about anyone laying around, and if I am working and he is in the office, he cannot see my computer screen. Also, I have a paper shredder, but I never have anything to shred. At one point, I checked with my insurance company about a policy and they said they don’t do that kind of insurance. Do I need to be doing more than I’m doing, which is basically not to talk about anything I transcribe with anyone (other than possibly to ask specific questions, generally about style rather than content, with the supervisor of the company I have a contract with) and not to keep any patient information around that can be seen by anyone?
Sherry
[Reply]
Kathy Reply:
March 9th, 2010 at 10:22 pm
Sherry, with the introduction of the HITECH Act, all of the HIPAA rules have changed such that independent contractors, who are called business associates (If your contract is with the healthcare provider and not with a medical transcription service) are now responsible for all of the same things that are required of a covered entity. If you haven’t already done it, I encourage you to visit the HIPAA4MT website in the link in this post and be sure you sign up there so you can get the info you need.
[Reply]
This is the changing world we live in.
It stinks, but we have to deal with it.
We had enough requests that we finally built a checklist for those that will work from home for a Covered Entity.
If I were an independent contractor who works for a CE, I’d be proactive on this…because…if I were a CE who had my act together, I’d require this for all my contractors.
[Reply]
Kathy Reply:
March 11th, 2010 at 10:10 pm
John, I agree that those who are ICs should actually be proactive. It’s not enough to wait for them to move on it. It’s tough, however, we also have to be sure that we are doing the right thing and protecting ourselves in the process.
[Reply]
Aaah, this is very timely info for me.
[Reply]