A community of 30,000 US Transcriptionist serving Medical Transcription Industry

Can Someone Here Answer a - HIPAA question for me?

Posted: Oct 17, 2013

to someone who has in depth knowledge of the new HIPAA rules and regulations, please respond first and then I will ask my question. thank you.

sure... go ahead and ask - expansive knowledge

[ In Reply To ..]
Ask away

Thanks for responding - I need someone who

[ In Reply To ..]
knows quite a lot about this, as I had been demanded by my employer to "encrypt" my hard drive by a program they implemented. I am an IC, not employee. This is my computer, not their equipment. Their online work site already had encryption on it. No files of theirs was ever stored on my computer anywhere. I checked into the program and did not like the sounds of the risks of losing all of my own data on my computer due to incompatibility of their program. They also required a very long convoluted password to access your own computer after it was encrypted. The company I worked for wanted that password. For those reasons, I did not feel comfortable with doing this. I was told that encrypting my hard drive was a MANDATORY action demanded by HIPAA. I had heard that it was an "option" but not mandatory. I was told to encrypt my hard drive immediately or face termination immediately. Can you respond to this?? Is mandatory encryption demanded by the new HIPAA rules?

yes encryption is a HIPAA requirement - to protect PHI - nm

[ In Reply To ..]
x

My company changed us from IC to - Kendra

[ In Reply To ..]
business associate title because of the new HIPAA rules but they never said one thing about us having to change our computer, give a password and such, never. It is encrypted on their end and they asked for nothing like you are talking about from us.

same here - not mandatory only an

[ In Reply To ..]
option.

I found this through - onlinetech/compliant hosting

[ In Reply To ..]
Here is some documentation concerning encryption...and please note...this is for the SERVER HOST... not the individual IC: please see below:

What are the minimum security requirements for managed servers and cloud servers to meet HIPAA?
â�¢Virtual or Dedicated Firewall
â�¢Backup
â�¢Antivirus
â�¢OS Patch Management

What about Encryption, is it required?
No. Encryption is not required but it is strongly suggested. Why? PHI that is released in encrypted form does not count as a release. It must be encrypted to the NIST standard (see http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf). So while you donâ��t have to encrypt data, it is best practice to do so while it is stored in the database, and especially while it is in transport.

Whatâ��s the best way to encrypt PHI?
Encryption requires decryption prior to use which is computationally expensive, so you canâ��t just encrypt everything on the server. The best tools and methods depend on the application, operating system and usage patterns.

A few things clients should consider:
1.Always use SSL for web-based access of any sensitive data (personally identifying or medical information)
2.Name, SSN, diagnosis, addresses, prognosis etc. and other sensitive information within an EMR system should be encrypted in the database using techniques and mechanisms known only to a select few.
3.Content such as images or scans should be encrypted and contain no personally identifying information.

What are some other best practices?
There are a few things that clients should do as it will help with their audit:
â�¢Document data management, security, training and notification plans
â�¢Client should use a Password policy for their access
â�¢Encrypt PHI data whether itâ��s in a database or in files on the server
â�¢Do not use public FTP. Use other methods to move files
â�¢Only use VPN access for remote access
â�¢Login retry protection in their application
â�¢Document a DR plan

Explanation - sm

[ In Reply To ..]
Your company is implementing a measure to minimize the risk of a breach from your computer, say when yours is stolen or you get a new one exposing anything on it to others.

I do not know if it is possible for voice or report info to be on your hard drive, but if it is, you need to encrypt it. If you don't understand this issue, you need to encrypt. If you think long, convoluted passwords are burdensome, you don't understand the issue and definitely need to do what your employer is asking.

If you don't want to do this, your other option is to find a new job.

I understand what you are trying to say - but there were no

[ In Reply To ..]
voice files or any report information of theirs to be found on my hard drive anywhere. Everything was done on line on their site, which is already encrypted. It was their database, not mine (I am OP). I have no burdensome problems with long convoluted passwords, only that THEY wanted the password, which would give them complete access to MY hard drive at all times. It was also stated that due to some incompatibility with some hard drives, implementing the application may cause my hard drive to lose all of any data that was on it... i.e. my personal files, my pictures, everything, and they would take no responsibility for that happening, and no responsibility to repair my hard drive, and no responsibility for any time off I suffered if that should happen. Believe me, I DO understand the issue, and being an IC, I do not think I OWE this company anything. If they need MANDATORY encryption, then they need to supply the equipment and not demand that I put mine in jeopardy for something that may never happen. It is the HOST SERVER, where the databases are stored, that need to be encrypted. I had no access to their databases whatsoever. and besides, HIPAA rules specifically state it is simply an "option," and not mandatory, and that is for the SERVER, not individual ICs personal computers.

Now I hope YOU understand the situation a little bit better before telling me what I HAVE to do. Thank you for your input though.

Simple solution - Work for someone else

[ In Reply To ..]
If you don't like the company policies, look for work elsewhere.

already did that - so you do not need to be

[ In Reply To ..]
so judgmental. nobody is forcing anything on YOU, so you do not know what it is like, either that, or you do not care for your computer one iota, or just a sheep following its leader blindly, doing everything you are told whether it is good for you or not, and not standing up for yourself or for what is right. Mandatory is never a word you use with an IC...an employee, maybe, but not an IC. Read the IRS rules concerning what a company can and cannot "demand" of an IC and learn something. and most especially not at 7 cpl!!! 3 for editing. I already have another job and it is at twice the price!! no "pooled queues", cherry picking, running out of work, etc. So all for the best, as far as I am concerned. I mostly wanted others' input on what the HIPAA rules "really state," and not what some power hungry company wants to place upon their indentured servants. Then again, you sound like you could be an employee of theirs... so better watch what I say, huh? I surely did not ask for an "if you don't like it, leave" attitude from someone who knows nothing. bye bye. baaahhhh.

Similar Messages:

Sep 01, 2010

I've asked numerous times; all get ignored. I have asked what happens if I can't get my hours in (I'm FT) in any given week (s).....Will I lose my health insurance? She picks and chooses which emails to answer. Any FT'ers who regularly find it next to impossible to get their hours in -- did you lose your benefits? ...

Dec 08, 2013

After 50 years as an MT I am now only doing SR from hom ...

Aug 20, 2014

Ever wonder what is going on with the work? Lots of it one day, none the next? You get no answers from anyone on your account? What are you supposed to do? I've about had it. ...

Sep 10, 2010

I've been working for almost two weeks now for a company and have sent QA several messages concerning questions about appropriate ways they want the reports done as well as dangerous abbreviations (I did not use them at my last job.) I cannot get an answer and it just bugs me badly. ...

Oct 16, 2010

No one answers my emails when I ask why my accounts have no work. It's been going on for a very long time, but so much worse now. I thought a new account was going ot start, but I haven't heard a word about it. Is something going on that I don't know about? I realize they were going to be switching to more SR and MTs weren't all that happy about it (my own pay will be 1.5 CPL lower and only 4CPL for SR work), but what happened?I absolutely hate coming to a r ...

Nov 03, 2010

from Qcare. I haven't been able to log into MQ central or get my e-mail for over 2 days already. I thought they were supposed to answer in 24 hours?! ...

Mar 28, 2011

Now Plllleeeeasssse moderator, don't move this to some other forum. I really do need for a MedQuist QA person to answer this question.... My original blurb was placed on here, and it was moved to the Word Board. I got answers from others who do NOT use ASR platform of MQs. I realize BOS2 says the number, and that is what I have been doing for about a year now. Here is the headache that we MQ employees endure. ASR seems to do whatever it wants and does NOT follow rul ...

Aug 24, 2011

How come when I had to F11 a job today (first time in 6 months), I was still paid for ASR rate, even though I typed it? Is this because of all of the people "claiming to do an F11 day," thereby screwing the rest of us??? ...

Aug 30, 2011

as it will be moved to the tech board where it belongs, but it doesn't have email options. I really would like someone to let me email them with a screenshot of the Chartnet I am working on. I have permission from my TL. We are switching over to Chartnet and I just hate it. I have read where everyone loves it but something is different with what I am working on. Early on, someone suggested it was set up in M-Modal version which is not as user friendly, but all ...

Jul 31, 2012

While training on Docqscribe 7.1, do we get paid hourly or straight transcription rate with a little extra for training? ...

Oct 07, 2012

Who's minding the store? Because there certainly doesn't seem to be anyone there - despite the fact that the RTL is supposed to be on duty for another hour and a half. Trouble with my que on the weekend has been going on every since the last maintenance. Wonder if the two are connected or coincidence. ...

Oct 15, 2012

nm ...

Jan 21, 2014

With templates that are spaced wrong and punctuated wrong? I've been gigged for 1 space in the past. Whoever entered this template doesn't know how to use hyphens either. ...

Apr 23, 2014

I was acquired 1 yr ago. I had 4 years service with previous company, and was told we brought that with us, so I assume now I have 5 years service, right? At the time, there was a schedule of PTO hours earned per years of service, I think it was about 3 weeks if you had 5 years. I do not see that anymore. Does that mean everyone only earns 4.62 hours of PTO per pay period no matter how long they have been employed? Also, regarding the "time off without pay." If I h ...

May 06, 2014

Still in training and asked if there was a way to look up old reports on Bayscribe. Does anyone know? Thanks for any help! ...

Sep 19, 2014

using numberical 2 and Roman II, was told was between types and conditions of disease. Am confused, can you help? ...

May 31, 2015

If a doctor is dictating the wrong word consistently throughout the report and stating the word very clearly, do you change it or leave it? ...

Jun 24, 2015

I just read online that Costco employees make $20 per hour. Could I be any more depressed? ...

Mar 15, 2010

asked, "I am trying to get a grasp on the IC vs employee thing but I don't understand why a company would want to hire an IC then?" No one has answered this as of yet. Why would a company hire an IC then? Because they don't have to take out taxes, (including their share of Social Security), and they do not have to provide benefits. All they have to do is cut the IC a check, and then the IC is responsible for all the taxes, including all of the Social Sec ...

Nov 01, 2010

WELL I have tried for 30 mins to get Support to answer. am on hold as I write this. I need a real person to help me do something on my other computer. geezzzz... I am in SOUTH region and I don't go on until 6pm. Are we down again? ...

Feb 19, 2012

Can anyone tell me where I send the constant errors on the same exact thing from ASR to so that they can fix it??? Please ...

Apr 10, 2012

Hey All - I did the online tests yesterday, skills and practicum of four reports. How long does it generally take to hear back from a recruiter on how you did, or get that dreaded failure email? I have 19 years of experience, including 3 years of working on a Nuance platform (EEE) and yet I'm still nervous. Just curious if anyone has recent experience with the timeline. Thanks in advance! ...

Jun 08, 2013

Asked almost a week ago. Thanks. ...

Aug 07, 2013

I've run out of work a few times this morning but each time for just less than 15 minutes. I understand we cannot do a remedy ticket until we are out 15 minutes. Punching in and out this morning I am now short about 45 minutes and I cannot work past my shift today. How do I account for those 45 minutes waiting for work? I just wish I would hit 15 minutes already and let the aggravation end. ...

Mar 27, 2014

If accuracy was so important, why not give us all tools necessary to produce accurate documents? Is it because the number of errors would be cut down by allowing us to ask the decision makers questions? Would they then have to give out more incentive and quarterly bonuses? I may have answered my own question. ...

Nov 03, 2014

they will pay you. lol ...

Dec 13, 2014

Right now it is approaching 4 p.m. Eastern time. If my postaudit score is reading 99.7% right now, does that mean I'm safe and don't have to submit feedback for reversals, or do I need to check FIESA again at 4:59 p.m. to make sure I'm okay? Are they going to be that picky? ...

Mar 30, 2015

I had some questions and I never hear back. ...

May 07, 2015

Insane TAT contracted promises. Not my fault. Not my problem. Several new accounts brought on, but no MTs added to the pod. Not my fault. Not my problem. Apparently MM not getting enough new hires. Gee, wonder why. POD mistress apparently thought we were getting some new hires at least 3 weeks ago. LMAO. Not my fault. Not my problem. Plenty of MTs leaving. Gee, wonder why. Not my fault. Not my problem. I am looking forward to leaving. Hopefully, before this year is gone. Onl ...

Jun 10, 2015

I live in Chicago Illinois. Like many of you, I am production but get payed so little a line even making 160 lines an hour I make minimum wage for my "state" which is currently $8.25 (pretty sad). Anyway, Chicago is hiking the minum wage on July 1st to $10 an hour. As I live in Chicago, does anyone know if this pertains to me? Thanks in advance for answering! ...