We strictly follow the Health Insurance Portability and Accountability Act (HIPAA) regulations regarding remote transcription services. The most important and relevant aspect of HIPAA related to remote transcription services is the Business Associate Agreement (BAA).

HIPAA AND BUSINESS ASSOCIATE AGREEMENTS

As per HIPAA: “A covered entity may permit a business associate to create, receive, maintain or transmit EPHI on the covered entity’s behalf only if the covered entity obtains satisfactory assurances in a written agreement that the business associate will safeguard the information in a written agreement that complies with 45 C.F.R. §164.314(a) (2003).[87] This means that the business associate agreement must be modified to require the business associate to (1) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI it creates, maintains, receives or transmits on behalf of the covered entity; (2) ensures that any agent, including a subcontractor, to whom it provides such EPHI agrees to implement reasonable and appropriate safeguards to protect it; (3) report to the covered entity any security incident of which it becomes aware; and (4) authorizes termination of the agreement if the covered entity determines that the business associate has violated a material term of the contract.[88] Different requirements apply when a covered entity and its business associate are both governmental entities, see 45 C.F.R. §164.314(a)(2)(ii) (2003). If a covered entity is a business associate of another covered entity and the covered entity violates the satisfactory assurances it provided to the other covered entity, the violating business associate/covered entity will be in violation of the implementation specifications under the security regulations.[89]”