Arrendale Associates, Inc.

HIPAA ENABLEMENT WITH TA⁺

An enterprise must implement, maintain and review a variety of controls, policies and procedures to comply with all aspects of HIPAA. The TA+ platform enables HIPAA compliance through advanced technology for dictation, transcription and the accessibility of patient data. To be HIPAA compliant, the enterprise must secure PHI, Protected Health Information, of all patient records with controls in place for the following:

Electronic Access By User And Password
Audit Trails Of All Transactions: Listening, Transcribing, Editing, Viewing, Printing, Faxing, Physician Electronic Signing and Electronic Downloading
Encryption Of Information "Exposed" To The Internet

SECURITY

TA+ utilizes its own security system, in addition to the security available from Windows networking, to control document access. Each TA+ user has an individual profile, which is attached to their user ID. When a user signs on, the TA+ system presents access buttons for only those functions authorized by the specific user's existing profile. For each new user, managers develop a customized profile. For instance, when a clerk signs on, a button to fax does not appear unless the clerk has been given privileges to fax. The profile can restrict or allow access to on-line viewing, editing and printing by document work types. Electronic signature via TA+ requires additional authorization (i.e. PIN number) for access to comply with CMS guidelines. At logoff, all individual transcription reports, physician dictation and patient demographic information is removed from the desktop of each remote and/or on-site user, to prevent unauthorized access.

AUDITABILITY

TA+ software keeps detailed transaction logs of all access activities including listening, transcribing, viewing, printing, faxing, editing, downloading and signing. Each time a document is accessed, listened to, transcribed, edited, viewed, signed, downloaded, printed or faxed, the system posts a transaction of the activity. Our audit logging includes tracking the integrated physician voice file with the transcribed report, in order to comply with the April 2005 HIPAA Security Rule. The audit report, available to authorized users for each dictated and/or transcribed job within TA+, displays the User ID, activities performed, workstation, time and date of the various activities, relevant fax number and relevant printer ID for compliance. In addition to audit tracking, TA+ provides transcription document versioning using the 'View Versions' feature. From document creation by a transcriptionist through QA editing and physician editing and signing, authorized TA+ users may demand a record of document content by version, to determine the author of all edit activity.

TECHNOLOGY

TA+ utilizes secured client architecture providing access through an industry standard browser such as Internet Explorer. Within the TA+ platform, documents are encrypted using VPN SSL (Secured Socket Layer) or the Triple DES method. Documents and patient data are automatically encrypted when sent and unencrypted upon receipt. Upon logging off from the TA+ system, all transcripts, patient demographic data and physician voice files are removed from editor, correctionists and transcriptionists as well as in-house system users. Although technically feasible, TA+ does not use e-mail technology to route documents due to HIPAA security requirements. All routing of confidential information is accomplished within our secure network environment which includes an audited electronic delivery option, the TA+ 'Download' feature.


Software Solutions	HIPAA ENABLEMENT WITH TA⁺ An enterprise must implement, maintain and review a variety of controls, policies and procedures to comply with all aspects of HIPAA. The TA+ platform enables HIPAA compliance through advanced technology for dictation, transcription and the accessibility of patient data. To be HIPAA compliant, the enterprise must secure PHI, Protected Health Information, of all patient records with controls in place for the following: Electronic Access By User And Password Audit Trails Of All Transactions: Listening, Transcribing, Editing, Viewing, Printing, Faxing, Physician Electronic Signing and Electronic Downloading Encryption Of Information "Exposed" To The Internet SECURITY TA+ utilizes its own security system, in addition to the security available from Windows networking, to control document access. Each TA+ user has an individual profile, which is attached to their user ID. When a user signs on, the TA+ system presents access buttons for only those functions authorized by the specific user's existing profile. For each new user, managers develop a customized profile. For instance, when a clerk signs on, a button to fax does not appear unless the clerk has been given privileges to fax. The profile can restrict or allow access to on-line viewing, editing and printing by document work types. Electronic signature via TA+ requires additional authorization (i.e. PIN number) for access to comply with CMS guidelines. At logoff, all individual transcription reports, physician dictation and patient demographic information is removed from the desktop of each remote and/or on-site user, to prevent unauthorized access. AUDITABILITY TA+ software keeps detailed transaction logs of all access activities including listening, transcribing, viewing, printing, faxing, editing, downloading and signing. Each time a document is accessed, listened to, transcribed, edited, viewed, signed, downloaded, printed or faxed, the system posts a transaction of the activity. Our audit logging includes tracking the integrated physician voice file with the transcribed report, in order to comply with the April 2005 HIPAA Security Rule. The audit report, available to authorized users for each dictated and/or transcribed job within TA+, displays the User ID, activities performed, workstation, time and date of the various activities, relevant fax number and relevant printer ID for compliance. In addition to audit tracking, TA+ provides transcription document versioning using the 'View Versions' feature. From document creation by a transcriptionist through QA editing and physician editing and signing, authorized TA+ users may demand a record of document content by version, to determine the author of all edit activity. TECHNOLOGY TA+ utilizes secured client architecture providing access through an industry standard browser such as Internet Explorer. Within the TA+ platform, documents are encrypted using VPN SSL (Secured Socket Layer) or the Triple DES method. Documents and patient data are automatically encrypted when sent and unencrypted upon receipt. Upon logging off from the TA+ system, all transcripts, patient demographic data and physician voice files are removed from editor, correctionists and transcriptionists as well as in-house system users. Although technically feasible, TA+ does not use e-mail technology to route documents due to HIPAA security requirements. All routing of confidential information is accomplished within our secure network environment which includes an audited electronic delivery option, the TA+ 'Download' feature.

	View and Print as PDF of This Page

View and Print as PDF of This Page