Health Information Compliance Alert
What Should We Do If Our Transcribers Are In Another Country?
PDF
Read the situation below and decide how you would handle it before you compare it to our expert's advice. Question: We're a large physician practice that's considering having our medical transcription done overseas. Do we need to be concerned about HIPAA's requirements if one of our business associates should end up being a non-U.S. company?
Answer: The fact that your transcription service isn't based in the U.S. doesn't change your obligations and your business associates under HIPAA, says Robyn Meinhardt, an attorney with Foley & Lardner in Denver. "The privacy rules don't distinguish where your business associates are located - the same rules apply," she states.
In order to do business and share your patients' protected health information with a foreign vendor, you would still need to acquire a business associate agreement, Meinhardt maintains.
An interesting aspect of the BA requirements that's been spelled out in the preamble to the regs is that a covered entity is not obligated to monitor its BAs, she adds. However, "if it becomes aware of a breach or a pattern or practice which breaches the privacy provisions, then it has to take certain steps" to address the situation, Meinhardt says.
Crucial: This is an important point to keep in mind if you're considering outsourcing any functions to a foreign business associate, since the remoteness of your BAs might make it more difficult for you to become aware of any such breaches, she suggests.
Additionally, one of the big concerns raised over outsourcing such tasks to non-U.S. companies is whether the country where the work is being done affords appropriate privacy protections of its own.
Countries such as India are on the verge of "adopting a set of privacy laws that are very much like the European Union's privacy laws," notes Meinhardt. And while such laws may not be more stringent than HIPAA, they are nonetheless more stringent than general U.S. privacy laws, she remarks.
So, in addition to your business associate provisions, these non-U.S. vendors generally will be beholden to their own national privacy legislation as well, explains Meinhardt.
Health Information Compliance Alert
- TRANSACTIONS:
TCS Testing Plan Vital To Ensure Your Business' Survival
3 tips to help you avoid enforcement watchdogs and lost revenues. If you haven't tested [...] - PATIENT RIGHTS:
Key Strategies For Handling HIPAA's Accounting of Disclosures Provision
If a patient wants to see how you've handled his PHI, you have to comply. [...] - PATIENT RIGHTS:
These Tips Help You Set Up A Disclosure Accounting System
Simple documentation protocol is easier and less expensive than you think. Once your organization has [...] - TRAINING:
Use Real-Life Examples For More Effective HIPAA Instruction
Check your program for these 3 basic components. If you're planning to educate only your [...] - YOU BE THE SECURITY EXPERT:
What Should We Do If Our Transcribers Are In Another Country?
Read the situation below and decide how you would handle it before you compare it [...] - READER QUESTION:
Do We Sign BAA For Clearinghouse?
Question: We have decided to use a clearinghouse for our transactions. The company we've chosen [...] - READER QUESTION:
Just Say "No" To Legislative Queries
Question: Legislative staffers have contacted several of our physicians recently wanting to discuss patients' health [...] - INDUSTRY NEWS
HIPAA Provision Requires Some ALFs to Obtain National Provider Identifier The Centers for Medicare & [...] - Compliance Tool:
Streamline Your Patients' Disclosure Requests With This Form