INTRODUCTION

Platinum Transcription (hereinafter the “Company”) has adopted this Policy to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the requirement of the HIPAA security and privacy regulations to protect the security of Electronic health information, as well as to meet our duty to protect the confidentiality and integrity of confidential health information, as required by law, professional ethics, and accreditation requirements. 

All individuals (hereinafter “Users”) who participate in the processes of dictation, transcription, maintenance, storage, and retrieval of transcribed data of the Company and the Company’s Clients must be familiar with this Policy. Demonstrated competence in the requirements of the Policy is an important part of every User’s responsibilities.



• A 100% TESTED RATING IS REQUIRED OF ALL EMPLOYEES WITH REGARD TO THESE POLICIES. 
• ALL EMPLOYEES MAY BE TESTED TO DETERMINE OVERALL UNDERSTANDING.

GENERAL POLICY

1. No Right to Privacy. The Company and its Clients encourage transcription of medical records to enhance productivity. The transcription system and all transcribed data are part of the business equipment of the Company, are owned by the Company, and are not Users’ property. Consequently, Users have no right to privacy in their use of the transcription system or its data
2. Right to Monitor, Audit, Read. The Company and its Clients reserve the right to monitor, audit, and read transcribed documents. The network administrator may override user passwords. Platinum Transcription may monitor the content and usage of the transcription system to support operational, maintenance, auditing, security, and investigative activities.
3. Training and Authorization Required. A User may use the transcription system only after having completed proper training and having received proper authorization in accordance with the Company Personnel Security Policy. The Director of Transcription Operations is responsible for such training and authorization.
4. User’s Acknowledgment Required. A User may use the transcription system only after signing an acknowledgment stating that the User acknowledges and understands the User’s obligation to protect security and maintain confidentiality when using the transcription system, that the User will fulfill his or her obligations, and that the User will face disciplinary action if he or she does not, in accordance with Platinum Transcription’s and/or the Client’s policies. The HIPAA Compliance Officer of the Company is responsible for obtaining and keeping such written acknowledgment from each User.
5. Access- Access to health information, records, tapes, dictation, or a combination thereof is limited to authorized users on a need-to-know basis.
6. Dictation and Dictation Playback. Dictation and dictation playback must be done in a secure environment that protects the information from being overheard by unauthorized persons. Health information may not be dictated into cellular phones or into public telephones where others can overhear the dictation or into equipment with an activated auto answer, such as an answering machine.
7. Shipping of Dictation. Dictation on audio cassette tapes, CDs, or other voice files may be shipped only in accordance with carriers authorized by the HIPAA Compliance Officer of the Company.
8. Log-off Required. Users must log off computers and dictation equipment when not transcribing unless using a pause feature that removes the document from screen view and access until the transcriptionist reactivates it.
9. Electronic Transmission of Transcribed Data. No User may electronically transmit transcribed data except as authorized by the HIPAA Compliance Officer of Platinum Transcription, consistent with relevant system security policies and chain of trust partner agreements. At no time may Users email or disclose Patient Information through an Instant Messenger program. Faxing may only be done when authorized by the HIPAA Compliance Officer of the Company.
10. Storage and Deletion of Dictation on Voice File. Users may store dictation on an audio cassette tape, CD, or any other voice file only for the length of time necessary to transcribe and review documentation and in a manner that protects against unauthorized access. Once the dictation has been transcribed and that transcribed data received by the Company and/or the Client of the Company as directed by the Company Director of Transcription Operations, the dictation on the voice file must be deleted from a digital system or erased from an analog system in a manner approved by the Company HIPAA Compliance Officer to protect the confidentiality of the data. Transcribed tapes may not be reused until they are first erased.
11. Authentication of Report. After a User completes transcription of a report, he or she must authenticate it by an identifier assigned by the Company Director of Transcription Operations. This authentication does not, however, constitute the formal authentication of the report required by law and professional standards.
12. Release of Patient Data. No User may release any patient data except to the individual who dictated the data, the Company and/or the Clients of the Company, or persons authorized in writing by the Company of Transcription Operations.
13. Enforcement. All supervisors are responsible for enforcing this Policy. Employees who violate this policy are subject to discipline, up to and including termination from employment, in accordance with the Company Policies and Procedures.