The TA+ platform enables HIPAA compliance through advanced technology for dictation, transcription and the accessibility of patient data. To be HIPAA compliant, the enterprise must secure Protected Health Information (PHI) of all patient records with controls in place for the following:
- Electronic access by user and password
- Audit trails of all transactions - listening, transcribing, editing, viewing, printing, faxing, physician e-signing and electronic delivery methods
- Encryption of information "exposed" to the Internet
In addition to the security available from Windows networking, TA+ utilizes its own security system to control document access.
How It Works:
Each new TA+ user has an individual profile that is attached to their user ID. Managers develop a customized profile for each user with appropriate privileges enabled for that specific user. When a user signs on, the TA+ system presents access buttons for only those functions he/she has been authorized to use.
User profiles can be set up to restrict or allow access to on-line viewing, editing and printing by document work types. Electronic signature via TA+ requires an additional authorization (i.e. PIN number) for access as per CMS guidelines.
At logoff, all individual transcription reports, physician dictation and patient demographic information are removed from the desktop of each remote and/or on-site user, to prevent unauthorized access.
TA+ software keeps detailed transaction logs of all access activities including listening, transcribing, viewing, printing, faxing, editing, downloading and signing. Each time one of these activities is performed, the system posts a transaction of the activity.
Our audit logging:
- Tracks the integrated physician voice file with the transcribed report.
- Displays the user ID, activities performed, workstation, time and date of the various activities, relevant fax number and relevant printer ID.
- Provides transcription document versioning using the ‘View Versions’ feature. From document creation through QA editing and physician interaction with the document, authorized TA+ users may demand a record of document content by version, to determine the author of all activity.
Within the TA+ platform, documents are encrypted using VPN, SSL (Secured Socket Layer) or the Triple DES method. Documents and patient data are automatically encrypted when sent and unencrypted upon receipt. Browser access is accomplished via the TA+ system’s secured client architecture.
- To ensure HIPAA compliance, patient demographic information, transcribed reports and physician voice files are encrypted and password-protected while transcriptionists and editors are working.
- Upon logging off from the TA+ system, all transcripts, patient demographic data and physician voice files are removed from editor, correctionist and transcriptionist PCs. This process occurs for all system users, both in-house and remote.
- Although technically feasible, TA+ does not use e-mail technology to route documents due to HIPAA security requirements. All routing of confidential information is accomplished within our secure network environment. Audited electronic delivery is available via the TA+ ‘Download’ feature.