A community of 30,000 US Transcriptionist serving Medical Transcription Industry

HIPPA/HITECH and overseas MTs - MTlooking

Posted: May 07, 2010

How can any company be compliant with HITECH/HIPPA when they send work overseas. Isn't that a HIPPA violation and should the patient be notified that their personal information, diagnoses, history, SS#, in some cases home address, DOB, etc, is sometimes mentioned in reports and overseas MTs have access to it? How can any company be compliant, especially with HITECH be compliant with these new laws, regulations, etc, when the patient is not aware their information is accessed overseas and do the patient have a right to know if their personal information is being accessed and transcribed by an overseas MT and if the overseas MT put in an incorrect doctor name, what happens then? just asking.

HIPAA and offshore - sm

[ In Reply To ..]
You're absolutely right that these patient's private medical information is being sent to people in other countries, and I honestly do think that the patients should be informed. Because I'll guarantee that none of these patients signed an authorization for their records to be sent into somebody's hands overseas.

I think the MTSO's loophole in all of this is that they are probably calling their offshore MTs a "business associate." But under that reasoning, I guess that I could call my next door neighbor a "business associate" too.

HIPAA/HITECH laws do not apply when it comes to other countries. So honestly, I'm really just not sure how they can get away with it.

that's the real question is HOW do they get away with it? - Confused

[ In Reply To ..]
ive seen this discussion several times, but never really looked into it (I always feel so busy)... but if it is a HIPAA violation, how in the world can they do it? I mean... my IT guy couldn't even talk to my boyfriend today to load a program... A PROGRAM, with no identifying information or anything, because of HIPAA... so I dont understand how there is any offshoring?? I mean, there has to be a way they are doing it since so many are, and MTs are worried about our work getting outsourced eventually?? I mean... does anyone have the answer?

Patients and their records - Ima MT

[ In Reply To ..]
You'd be surprised I think, to learn that for the most part, patients don't give a good hoot who does the work or where it's done.

We did a local survey a couple of years ago with several large physician practices in my area, and 92% of the patients clearly said they had no clue the work wasn't done in the Dr's office and yet, they also said it didn't really matter to them.

To MTs it's an issue. To the public at large, I just don't think it is. I mean seriously, do I really care if Mr. Singh in India knows I have endometriosis?? I'm just not sure I see any more significant a risk there, then I do with the MTs that break in and sell records here. I think the odds are about the same. And since I'm a nobody, no one is likely to pay much for my endo information.

I care where my medical records are being sent - sm

[ In Reply To ..]
And almost everyone I have talked to cares who sees their medical records too. When you did your local survey, did you specifically ask the patients if they wanted their medical records sent over to India or Pakistan or Vietnam? My guess is that you must not have asked specifically enough, because I think the average person off the street, John Q Public, does care a whole lot if they know that people in other countries are reading and handling their private medical information and information about their personal lives.

Your argument makes absolutely no sense - sm

[ In Reply To ..]
It doesn' matter if you care about Mr. Singh in India having access to your medical records. And it doesn't matter what your unofficial survey said.

What is at issue here is this: Is it in compliance with HIPAA/HITECH laws?

The law remains the law, regardless of whether you "care" about it or not.

I don't have to "care" if the speed limit is 65 mph. It's still the law and if I go faster than that, I'm breaking the law.

so if its the LAW how do they get away with it? - confused

[ In Reply To ..]
i get what the above is saying and although WE care about where are records are sent, i believe its cause we are biased dont you think? maybe if people were aware of why they should be concerned they might be but im pretty sure the average person isn't aware of that you know? why isn't HIPAA in placee to prevent overseas transcription? can anyone answer that?

The MTSO is calling them a "business associate" - is the only thing I can think of

[ In Reply To ..]
If they are a "business associate," then I think that HIPAA allows that "business associate" to have access to work with the records.

But then my question is can a "business associate" be someone who is not bound by the law, since HIPAA is a law that is only enforceable within the United States?

The odds are not about the same - here is why - new2AARP

[ In Reply To ..]
An american MT knows about HIPAA, hears about HIPAA and has HIPAA shoved down their throats 24/7. We are VERY aware of the big trouble we can get in. And we're too busy scrambling to make a living to fool around stealing info, its too big a risk for too little payoff.

An overseas MT doesn't give a hoot about HIPAA. No penalties because they are beyond the law.

I'd say that makes the odds much higher identity theft is going to happen overseas where they know HIPAA won't touch them. Mr. Singh doesn't give a hoot about your endometriosis, but his brother is busy pulling your personal data (SS#, birthdate, etc.) off your illegally copied chart while he sleeps. If him and his bro get busted, they'll just hop to another MTSO with no penalties.

Your argument is insane! - You did not mention INDIA

[ In Reply To ..]
or other 3rd world countries. I am quite sure your survey did not mention that the work was not being done merely out of office, but out of the United States - by 3rd world entities with no regulation. I am sure.

Wow, assume much? - Ima MT

[ In Reply To ..]
Actually, I consider it part of my job to educate people about their medical record. So yes, I did mention India (and Pakistan, the UK, and Canada).

Someone said: An overseas MT doesn't give a hoot about HIPAA. No penalties because they are beyond the law.

I wonder how many of you just shoot off at the mouth without really having a clue what you're talking about. Do you HONESTLY believe that those running the MT services in India don't have a contract? Do you honestly believe that they do not have penalties and punishments in place for breaches? Have you ever SEEN a contract with an offshore entity? OF COURSE they are taught about HIPAA. And do you really think these large MTSOs would be ramping up offshore concerns if it was against the law? It's not like they're a little mom and pop shop, they're big enough to be noticed (such as all the times they are written in business journals, etc).

And I don't know about you, but my medical record does not contain my SS#. (Insurance does, however, because I was unable to have it removed from that aspect.)

So, my argument is NOT insane. If you go around and ask people where their medical records are typed, then ask them if they know it's often done out of the office, and then not only done out of the office but in the home of someone possibly countries away. seriously, they really don't care because it doesn't impact their lives. WE care because it DOES impact our lives.

Sending work to India is not a HIPAA breach. It's not against the law. All this hooting and hollering about such is mind boggling.

I'd have to disagree with you there. - sm

[ In Reply To ..]
A good deal of clients use a SS# as a MR#. That information is given when the overseas MT has to verify correct patient. While your medical records may not contain your SS#, many others do.

Also, were you aware that a lot of the credit card companies use overseas call centers? They not only have your credit card number, but they have to verify it with your social security number. I think this is absolutely insane, but's is legal.

That's why I thought it would change with HIPAA/HITECH. Credit card companies don't have to abide by this, but MTSOs do.

The way it was explained to me - Ima MT

[ In Reply To ..]
"Bums on seats"

Oftentimes a warehouse with 1000 seats, divided into quads.

One quad does your insurance.
One does your credit card information.
One does your medical record.
One does your customer service.

One stop shopping. :(

Doesn't make sense. - sm

[ In Reply To ..]
There may be warehouses that do this and perhaps this is how the building is structured. But I know for a fact that my company outsources overseas and we have several different clients that use the SS# as the MR#. That would mean that every time they get a dictation, they get the patient's name and MR#, which also is their SS#.

I don't understand what you're talking about when you say one stop shopping. In fact, if true, that makes it even worse. If they wanted to, they could share ALL our information among themselves.

You mentioned in your above post: I wonder how many of you just shoot off at the mouth without really having a clue what you're talking about. Do you HONESTLY believe that those running the MT services in India don't have a contract? Do you honestly believe that they do not have penalties and punishments in place for breaches?

Do you think we don't have laws here for identity theft???? If the MTSO overseas has penalties, the countries themselves must have laws. Yet people still do it all the time, don't they? If a person in India, Pakistan, or wherever overseas REALLY wanted to steal someone's identity, do you think their contract or threat of penalty and punishment is going to stop them?????

Have you seen the overcrowding in prisons lately because people don't let penalties and punishment get in the way of what they want?

You and I may respect the law and the fear of punishment, but criminals are hardwired differently. HIPAA and HITECH, that aren't even applicable in their countries, isn't going to make them blink an eye...especially if they can make more stealing someone's identity than working 12 hours as a bum on a seat.

But do the patients realize it isn't just their medical records? - sm

[ In Reply To ..]
Sure, Mrs. Brown may not care if someone in India knows if she has endometriosis, but is she aware that someone from Pakistan knows her full name, SS#, birthdate, and sometimes even address and phone number?

I don't think the majority of the public are thinking in those terms instead of just "my endometriosis."

My guess is that the MTSOs do not offshore - HIPPA

[ In Reply To ..]
the demographics, only in an encrypted way, or it goes all by numbers, I guess.

I think there is not a single ILP that sends his/her reports directly to the client.

So many MTSOs are lurking on this forum and participate, but not a single 1 volunteered to answer this question that was so often asked.

HIPAA/HITECH covers all medical records - sm

[ In Reply To ..]
The MTSOs can't be compliant with HIPAA/HITECH, even if they do not send or encrypt the demographics.

How many dictations have you done where the dictator gives the patient's name, their date of birth, SSN, family members' names, addresses and phone numbers?

And this information is dictated WITHIN the text of the dictation, so even if the MTSO is not giving the offshore MTs the demographics, it would seem to me that they are still in violation of HIPAA/HITECH.

there must be a way to do it, even in the text, otherw/ not allowed - no way SS#

[ In Reply To ..]
nm

I can't see any way to do that and still be - HIPAA compliant

[ In Reply To ..]
If the dictator gives private patient information within the text of their dictation (and I have many of them who do), what can the MTSO do about it? The only way I can see would be to hire someone to do a full listen on all the dictations before they are sent offshore. A "full listen" on the entire dictation because sometimes the dictator gives this information at the beginning, sometimes the end, and a lot of times sandwiched somewhere in between.

Granted some dictations don't contain any of this information, but a lot of them do. So how does the MTSO remain HIPAA compliant when they are sending these voice files overseas?

You cannot enforce HIPPA/HITECH - MTmed

[ In Reply To ..]
overseas and MTSOs cannot oversea if the HIPPA laws are being followed while they send files out of the country. It cannot be done and if they are telling their clients they are HIPPA compliant and send files overseas, they are not being truthful. You cannot enforce or ensure HIPPA compliancy when the files are being shipped or access overseas. IT is impossible.

HIPPA - babypaws

[ In Reply To ..]
The ILPs do demographics too. I QA some of their reports and they do fill in demographics. SS#, full name, DOB, everything. Basically what we hear, they hear too.

Oh wow, thank you for letting us know - now thats scary

[ In Reply To ..]
So the India MTs have it all, my full legal name, my medical history, my address, my social security number. How can this NOT be breaking HIPAA laws. Nobody ever told ME, the patient, that they're sending all of my personal and private information to another country.

At least when I get the phone company's India call center on the phone, they have to specifically ask for my permission to access my records. Nobody asked me for my permission to send ANY of my records or ANY of my information overseas!

Now that's scary - Mostdefinitely

[ In Reply To ..]
I have said this since they started sending transcription offshore. I have worked on many different platforms and there are alot of them that give away the ranch as far as identifying information goes. I don't want my name, addresss, phone #, DOB, SS#, employer's name, job title going offshore. That is just too much information to put into the hands of someone offshore. If it gets hacked, lots of luck tracing anything.

JCAHO - jm0405

[ In Reply To ..]
What I found out is this - cause I called JCAHO to turn in Siance over not paying me. HIPAA compliance rules are enforced by JCAHO. If a hospital is not an accredited JCAHO hospital, then the rules don't apply. There's no one to enforce. Many of the hospitals sending overseas = Non-accredited JCAHO facilities. Companies that do send work to India that are accredited, when JCAHO catches them, the transcription company is fired immediately because JCAHO cannot prosecute theft in India. When an MT company is caught, the hospital fires the MT company and the hospital has to pay $1000s in fines. Turn in these companies to JCAHO if you want outsourcing to stop. Check and see if your hospital is accredited or not and contact JCAHO if they are. Stop outsourcing from within. :)

Similar Messages:

Nov 14, 2009

A few days ago the MTSO I work for informed us that it was even more important for us to be sure that the patient information in the demographics be accurate. They went on to say that if an error was made, the patient would now be informed of this. While I totally agree that at all times patient information, inculding DOB, MR number and other very important data be perfect every time, I can't help but wonder that if patients will be informed when this information is in error, w ...

Jan 28, 2012

There are new reporting requirements (MU, or meaningful use) within the HITECH Act. For the first time ever, patients' BMI, smoking history (patients 13 and over), and vaccination history and records will be reported directly to the federal government by their physicians. (These data were compiled in the past for epidemiologic purposes but not linked to individual patients.) And these are just the aspects of Stage I of EMR implementation -- Stage II ...

Nov 15, 2009

Anyone check with their employer to see how they will handle an MT performing a HITECH HIPAA violation after 02/2010? Could be $100 fine for each occurence, up to $25,000/year. HITECH HIPAA violation could be an MT putting an incorrect doctor in for a carbon copy. I know the doctors are so very thorough in their carbon copy requests, so in that case, there should be very few problems...lol. ...

Mar 26, 2010

Just found out my employer is requiring all employees to take the HITECH test. This is from the law that was passed last year. We were told it would take about 5 hours to complete. Has anyone seen this test or taken it who can share some info (how long, how hard, etc?) Sure wouild appreciate a little info before starting. Thanks! ...

Jan 13, 2010

drop the account? Would you comply with HITECH and let the doctor worry about his own compliance and keep status quo? I have an acct that is part time and I could pick up more more elsewhere if I dropped him, but who wants to walk away from business in today's environment? This doctor is not overtly saying he refuses to send his dictation by encrypted email. He just is saying nothing and not changing anything. What would you do? ...

Feb 11, 2010

I'm wondering where other people have their home offices/work computers? My desk is currently in a corner of the living room but it's not in the main living area, so to speak. It's kind of off in this nook area off the living room. My monitors face outside and not into the living room. I'm wondering if I'm going to have to figure out someplace else to put everything to be in compliance? I do have my computers password locked so no one else can ...

Feb 07, 2010

“The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted in February 2009, …expanded the reach of HIPAA, extending it to business associates effective February 17, 2010, and imposing nationwide notification requirements for breach of unsecured protected health information (PHI). Business associates will also now be directly obligated to comply with the security rule of HIPAA and implement security policies to safeguard electr ...

Jan 12, 2015

I was offered a position with a company who requires a HIPAA certificate, and I was wondering where others have gone online to obtain that and if anyone could suggest any that were under $20. Thanks! ...

Feb 28, 2010

I've just received a call from my supervisor advising me that because I cc'd the wrong physician on a report, that it is a HIPPA violation and I have been given a warning that if it happens again I am going to be fired. I've been doing this job for 35 yrs and I have an excellent work history, ethic, etc. I realize that HIPPA is very important and I "get it". But if I lose my job over a lousy cc? I'm devastated by this. What has transc ...

Dec 22, 2009

I guess its not really something new, but as I was visiting a friend in the hospital yesterday a doc was sitting at the nurse's station just dictating away. I clearly heard patient's name and identifying info and her entire medical history while standing outside the room waiting for nurse's to finish with my friend. ...

Apr 07, 2010

Has anyone else gotten a HIPPA violation for referencing old reports when typing an ESL ? ...

Jun 26, 2011

Just wondering if any other MTs have have taken the new HIPPA compliance test? ...

Mar 11, 2011

Does anyone know how the new HIPPA regulations affect us as employees? I'm starting to read up on it, but it's confusing. I understand the work station. I understand that we are the workforce and I understand that the government is cracking down on electronic medical records. Does anyone know anything else? Thanks. ...

Nov 07, 2013

To email transcribed medical records? I'm training with a small company & she's having me email completed reports to the "manager." I think this is a HIPPA violation... ...

Nov 21, 2013

ago and passed, do we become HIPPA certified and can we get a certificate to show we are certified? ...

Jun 22, 2015

As an independent contractor has anyone had to take a HIPPA test to either start contracting or keep an existing contract with a company that you are transcribing for? ...

Jul 12, 2010

Okay, this is the second time while on this board (I only frequent it about twice a month) that I have come across "80% MT work being sent overseas". Could someone please fill me in (you can email me if you think it will be erased on here). Thank you so much! ...

Jan 12, 2010

Is this more strict? or is it the same? Am I freaking out for nothing new? According to some of those examples, I'm not even sure that normals and the repository are legal. Doesn't it say that we are not allowed to save other records for examples? And the fact that you can be fined if you ACCIDENTALLY see something or accidentally send something to the wrong doctor, which I know we have to be careful not to do, but what if it is the dictator who gives us the wron ...

Jan 12, 2010

Okay. I just finished watching the videos and the HIPPA presentation. Now that they've put the fear of God in all of us, just how the heck can the Q, with a straight face, suggest or promise to a health care provider that they (the Q) can assure the client the PHI can be guaranteed when sending work to a group of employees who live several continents away and who do not speak English as a primary language. What a crock!!!! How many health care providers know their ...

Jun 26, 2010

Could somebody explain what this means to me and also tell me what this would entail so that I would have some idea if I had a compliant site or not? Thanks ...

Aug 02, 2010

The daughter of a friend of mine works in the clinic that I worked at for 18 years in medical records is known to read charts and then tell others about what she has read. For example, someone who has an STD that she knows, she has told lots of friends about it and I have heard it myself. Does anyone have any idea what happens when you report someone for a violation? I am sure that they take the person's name who is reporting it but can you tell me what else is ...

Jun 13, 2011

Just finished hours worth of unpaid time in and out of programs to balance time sheets for the end of pay period and trying to figure out in and out of programs for 2 weeks with no work. Now get the email to do the mandatory unpaid HIPPA testing, and still have not WORKED for my 4 cents. Hummm, when do I want to do this test so I can feel even more hopeless, helpless and worthless? ...

Aug 25, 2013

Just saw a posting below where this year we would have a title of business associate instead of ICs. What does this mean to us in any way. I only know the very basics of HIPPA, not how this would differ now. Thanks. ...

Jul 31, 2014

What is a good HIPPA complaint email? Other than email, how do you send work to clients if not using an TASP? Thanks, Cathy ...

Mar 17, 2010

I was reading below about the TAA. I have less and less work. I have had NJA all this week, never ran out at this time of year before. Last time they blamed it on the storms on the East Coast. My pay is continually going down, especially after the previous pay decrease, and now NJA. My question is how do I know if my accounts are going oversease, and this is why I am out of work to apply for TAA. Thanks for any help. ...

Aug 07, 2010

...

Jan 05, 2012

<sigh> With the USA going down the toilet fast (see Military Detention Act), I fleetingly thought about pursuing something overseas. I used to work with a lady who took a position in Saudi, Arabia. They paid to move her over there (into a dorm-type building with other MTs), where she lived for a year or two. She was subjected to incredibly sexist treatment by the Arab men BUT loved it there and wound up marrying an American she met while there. Of course, ...

Mar 29, 2012

Does anyone know if you can work overseas for MQ/MM or whatever it is called? My husband is in the military stationed in Germany and I would like to move over there with him. Thanks for any help with this! ...

May 10, 2012

I just saw a comercial on TV last night that says Mitt Romney outsouced to call centers overseas. That really upsets me and I for one will remember that when I go to the polls. I am shocked and apalled. He must need educated on the fact that Americans jobs are going overseas. ...