Recap Of Webinar "Evolving Medical Transcription: Technology's Impact On Traditional Transcription Processes"
There was a very good turnout for the webinar, over 160 attendees, I'm told. There were a number of questions asked, and my answers appear below. The entire presentation can be accessed free of charge at this link. Please feel free to post any comments or questions here.
Q: Would you recommend some type of errors & omissions insurance or liability insurance to cover our business liability with this new regulation?
A It's interesting, just a year ago I would have said no, but with the recent changes, I'm starting to feel differently. With all the added liabilities for business associates under HITECH, E&O insurance is probably not a bad idea. I haven't looked into what's out there recently; if you come across any information I'd appreciate it if you'd share it with me.
Q Are there any policies in place from a HIPAA perspective on mobility and dictation?
A I'm not aware of any HIPAA or HITECH regulations that specifically address mobile devices, etc. in terms of security, but my approach would be to make sure there are adequate safeguards in place to secure data from mobile devices, that you have your policies and procedures in writing, staff is educated on them, and compliance is documented regularly. Certainly mobile devices are not specifically exempt from HIPAA, so we have to proceed on the assumption that HIPAA applies to mobile data as well.
Q: Do confidentiality agreements cover the requirements and hold the MT responsible for confidentiality?
A HITECH specifically requires that business associates have detailed contracts with their covered entities that spell out the responsibilities for each party. My recommendation is that you treat independent contractors as business associates as well, which means that both you and they would be liable in case of a breach, but at least you would have some covering if you can show that you did your due diligence to make sure they were aware of their obligations under their contract. Now in terms of employees, as opposed to ICs, it's my understanding that your employees would be covered under the business associate contract you have with your covered entities. However, it would be your responsibility to ensure that all your employees are aware of your policies and procedures regarding security, and that they are in fact compliant with all those policies, and be able to document all of this. What this would look like for your company in terms of how you ensure compliance is something that you will have to determine based on your specific situation. But whatever approach you take, again, it has to address all "reasonable" potential risks and you need to document everything.
Q Has anyone been prosecuted for HIPAA violations?
AYes, there have been a handful of cases, but they've all involved out and out identity theft or holding information for ransom or selling confidential patient information to the press, etc. None that I'm aware of stemming from inadvertent breaches.
Q: How will the increase in cross-border healthcare delivery (through telemedicine or medical travel) influence the medical transcription profession? What tasks will remain local to the patient and primary care provider and what would be done at the distant provider?
A My sense is that the trend to outsourcing in general will continue to affect this aspect of healthcare documentation as well. Because of the ubiquity of the Internet coupled with digital audio technology, there really are few significant barriers to remote transcription, so I would anticipate that the geographical source of the dictators and dictations will continue to be less important in terms of who performs the transcription and where they're located. Of course, this question doesn't address what effect the implementation of EHR/EMR technology is going to have on transcription in general, and that's a subject of lots of debate and speculation. The truth is, we really don't know yet.
Q: So is there any hope of an MT certificate holder actually being hired anywhere? I obtained a certificate from a community college. None of us found employment because all requests for MTs required at least 2 to 5 years of experience. Where does that leave us? Our investment, time, and training appears to be even more worthless with voice recognition around the corner? Same scenario with Billing & Coding. I've been transcribing legal depositions for a court reporter for workers' comp, malpractice, accidents, homicides, etc. Your comments, please?
A I wish I had a simple answer. There's no question that the barriers to entry in our profession are significant, but not insurmountable. There are some larger national MT companies who do hire new graduates, IF you can pass their screening exams. You may just have to keep knocking on doors, so to speak, until you find someone who's willing to at least let you test. Having an RMT certification from AHDI can be a help in this regard also.
Q: So is the issue offshoring or service providers' inabilities to provide secure transactions?
A In practical terms I think it's definitely more about security than it is about where the data is going. As I said during the webinar, most of the same security concerns that can be raised regarding offshore transcription would also apply to transcription done by home-based workers right here in the U.S.
Q: How can a home based business comply today in advance to adhere to the safeguards? Is there a website that can we can follow step by step?
A Unfortunately there's no "one-stop shop" in terms of HIPAA compliance, in large part because every situation is different and there's no one set of solutions that will apply to every scenario. This is a case where investing in the services of a consultant to help you determine what your needs are and designing policies and procedures to fit your situation would seem to be a wise investment. Obviously coming from a consultant that advice can sound self-serving, but I sincerely believe it to be valid nonetheless.