HIPAA Compliance and Security
Brown & Meyers has 25+ years of experience in providing secure, HIPAA compliant transcription services to hundreds of medical and legal clients nationwide.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to ensure health insurance portability when workers change or lose their jobs and to protect the security and privacy of sensitive health information.
WebChart’s Secure Dictation Platform
Brown & Meyers uses WebChart’s secure dictation platform to ensure complete HIPAA compliance, confidentiality and security of your customers’ information.
Protecting PHI in the Digital Workplace
WebChart takes the following steps to protect PHI from being stored on the computers of employees involved in the production and management of patient healthcare information:
- Many web-based systems inadvertently store files accessed from a web-based application in a Temp or temporary internet folder. WebChart’s system sweeps the user’s Temp directory and automatically purges all PHI that was opened by the user after each access to their online account.
- After transcribing and uploading a completed document, WebChart immediately purges the audio file from the transcriptionist’s computer. A copy of the completed transcription can be configured for storage on the transcriptionist’s computer in a hidden folder (ShadowCopy) for disaster recovery purposes and purged at a configurable time interval.
Audit & Security Features
WebChart has the following primary features for Audit and Security:
- All Web traffic is sent over a 128-bit encrypted SSL channel.
- All dictations and documents are stored in encrypted form in the database, using a 256-bit AES (Rijndael) encryption scheme. The same scheme is also approved by the NSA for securing TOP SECRET US Government data.
- All passwords are stored using a one-way hash and a random salt value. When users authenticate themselves on the web portal, the passwords entered are hashed as well and only hashes are compared, thus increasing user password security.
- WebChart allows the Client as well as the transcriptionist Vendor to edit documents online via the web portal. Prior iterations of all documents edited in this fashion are preserved as well to maintain full history. Thus, when the audit trail says the document was edited, the user is able to look in the prior iterations and see exactly what edit was done.
- All Document and Dictation access is captured in an extensive audit trail, with every action taken against the document or dictation being made available to view via the web portal. Each action is also marked with a date/time stamp, the type of action, and the username of the person who performed the action (see image).
- All document edits are stored in a Document History archive, which retains each version of the document, and displays who made edits and when.
Additional WebChart Security Information:
- WebchartMD protecting data and HIPAA overview (PPS)
- WebchartMD’s data center features and security (PDF)
- WebchartMD’s PCI Compliance Attestation (PDF)
Additional B&M Security Measures:
At B&M we are well aware of the dangers in faxing, file sharing and emailing sensitive information relating to PHI, HIV infection status, substance abuse treatment, and mental health records. For this purpose, the following internal security measures, outside of the WebChart platform, are in place to ensure both security and proficiency in data use and control, as well as to provide additional workflow options to our clients:
Sharefile by Citrix
Secure, HIPAA compliant file sharing and email transmissions. B&M utilizes a cloud-based, HIPAA compliant mail platform called Sharefile by Citrix. Files are kept secure during transfer with SSL/TLS encryption protocols. In the cloud, your stored files are kept safe using AES 256-bit encryption. When sending files via email, the Microsoft Outlook plugin always encrypts the file that’s being sent.
S-Fax by Scrypt
Secure, HIPAA compliant faxing (send and receive). B&M utilizes a cloud-based, HIPAA compliant faxing platform called Sfax by Scrypt, Inc. S-fax was designed to withstand the rigors of healthcare. S-fax enables you to send, receive, annotate, digitally sign and manage faxes without printing a single physical document. All your documents are protected by strong encryption with SSAE16 Type 2 data centers.
Additionally, B&M has on file bilateral BAAs (Business Associate Agreements) with both Scrypt, Inc. and Citrix.