HIPAA Compliance

eTRAN does not facilitate health care treatment, payment or operations for our clients, but does process client dictations and documents that contain Protected Health Information (PHI). Therefore, we approach HIPAA's Privacy Rule with the level of emphasis that is expected from all business associates of covered entities. eTRAN educates all employees and typists on the importance of protecting client information.

Below reflects the work flow model that eTRAN utilizes:


Specifically, we use appropriate safeguards to prevent unauthorized use or disclosure of PHI. Employees and typists are trained on information pertaining to security, privacy, and confidentiality.

Examples of activities that are specifically prohibited include:

1. Disclosing any client information, including PHI, for any purpose.

2. Discussing client information in public or private with any person for any reason.

3. Attempting to contact or contacting clients or anyone connected to them for any reason.

4. Generating written or printed copies of any client work.

5. Maintaining any computer file or other record of client materials.

6. Leaving client information open to view by unauthorized persons.

7. Document the permitted and required uses of PHI, as required by the Privacy Rule.

8. Contractually agree that eTRAN will not use or further disclose the PHI other than as permitted or required by the contract or as required by law.

THE HIPAA SECURITY RULE

This rule concerns security of Electronic Protected Health Information. There are three types of security safeguards outlined in HIPAA: Administrative, Physical, and Technical.

ADMINISTRATIVE SAFEGUARDS

eTRAN adheres to the following Administrative Safeguards:

• The eTRAN system restricts access to PHI to individuals who have the required access authority and appropriate clearances.

• Both our clients and our typists require authentication in the system. Clients are authenticated using their Account ID and PIN when they login to the web site. Typists are authenticated at multiple steps in the transcription process to increase the level of security.

• Our security model uses authorization to verify client access upon logging in and to verify which functionality is available to that particular client. For typists, authorization is used to verify that they have been assigned a job and verifies the authority of a typist to download job information and upload finished documents.

• We maintain virus protection software on all servers to detect malicious software.

• eTRAN has tracking mechanisms to monitor each log-in and authentication to our system.

• We do not permit the sharing of passwords or email passwords. All employees are required to change their passwords periodically.

• eTRAN has policies and procedures regarding incidents and notification to clients. In the event of attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations, eTRAN will:

  • Assess the incident in terms of our risk management plan and procedures.
  • Notify the covered entity/client and any other affected parties immediately of the incident and any impacts.
  • If the cause of the security incident is human-based, adhere to sanction and/or termination policy.
  • eTRAN has a full business continuity plan and maintains comprehensive contingency plans, which includes contingencies in case of power failure, internet failure, or network failure. We also monitor available server storage space and maintain back-up files at all times.
  • As a business associate to our clients, we adhere to any contract requirements and provisions. We will contractually agree that eTRAN will not use or further disclose the PHI other than as permitted or required by the contract or as required by law.

PHYSICAL SAFEGUARDS

eTRAN adheres to the following Physical Safeguards:

• eTRAN's production facilities are located in professional commercial office environments, with power back-up capacity, HVAC, and networks with firewall implementation. These facilities maintain physical security including controlled access, secure server, and physical monitoring of personnel.

• eTRAN implements a workstation lockout policy and requires employees to change their passwords periodically.

• eTRAN has policies and procedures to prevent unauthorized physical access to workstations that can access PHI while ensuring that authorized employees have appropriate access.

TECHNICAL SAFEGUARDS

eTRAN adheres to the following Technical Safeguards:

• All systems require a unique user name and password to gain access. eTRAN desktops implement an automatic lockout if left unattended.

• eTRAN tracks and logs all movement of information systems and electronic media containing PHI.

• eTRAN ensures that electronically transmitted PHI is not improperly modified by implementing 128-bit Secure Sockets Layer (SSL) encryption and audit trails.