Untitled Document

Voice & Document Security

Management of dictation, transcription and document distribution processes:

Often overlooked tenets of Transcription Workflow Security

1. Voice files need to be treated with the same security concerns (access audit trail, destruction policy, secure transfer management, encryption, etc.) as transcribed reports.

2. The PC and workflow utilized by any remote transcriptionists needs to be fully monitored and tracked (i.e. are voice files or reports ever saved locally to remote PCs).

3. HIPAA policy and procedures are only as effective as the toolset for detecting breaches in the policy.

4. Full audit trails covering every aspect of the workflow and able to record and detect any instance of access (listening to a voice file, viewing a report, downloading, printing, etc.) are the cornerstone of an enforceable privacy and security policy.

5. Email is an inherent security issue outside of a closed network (i.e. the Internet vs. a secure Intranet) and should be avoided even when security tools are available.

6. Security management can be leveraged to provide Release of Information (ROI) tracking that is otherwise difficult to monitor for compliance.

Dictation (Handheld devices) Workflow

Voice files are initially stored in the provider’s handheld dictation device. Note: The audit trail cannot begin until the device is connected to a computer for download.
MDnetwork software automates (no keyboard) the download of voice files to local PC.
Downloaded voice files are compared to files on handheld device to ensure an exact match.
Software deletes voice files from handheld device (download, compare and delete on a 45 minutes of dictation on a DS-4000 device takes approx 4 seconds).
Software encrypts voice files (128 bit) and creates secure connection (Secure Socket Layer Web Services) to the secure MDnetwork data center.
Once a secure connection is verified, the voice files are transferred to MDnetwork data center.
Transfer process monitors and maintains secure status of connection and creates full audit trail and tracking report.
Transfer software manages process and creates alerts, error folders and messages, etc.
Copies of voice files are held on the local workstation for predefined period (default 30 days)

ADT & SIU Interface

All ADT and SIU message traffic is encrypted and routed to the MDnetwork Data Center via secure connections (VPN or Secure Socket Layer Web Services).

MDnetwork Data Center

Host facilities provided by the InterNap (Tier 1) in Dallas, Texas
Firewall protection
Redundant fiber optic internet access
Redundant providers and traffic routing
Redundant servers
Managed switched network
Locked down cages and physical access security at Data Center.
Audit trails of all physical access to the Data Center
All server equipment is monitored and tracked (i.e. hard drives retired from the Data Center servers are certified as destroyed)

MT (Medical Transcriptionist) Workflow Processes

All users access through secure logins with tracking of login names and IP access address.
All access is through secure (128 bit SSL) connections.
Voice files encrypted and routed from the MDnetwork data center to designated MT’s without local storage and with full audit trail tracking.
All work performed on the MDnetwork platform (not the local hard drive).
Voice files and Transcribed documents never reside on the MT’s local PC.

Document Distribution

All user access is through secure logins with tracking of login names and IP access address.
All access is through secure (128 bit SSL) connections.
Document access and distribution is fully monitored and tracked via audit trail:
- online access and download via secure SSL connection
- online faxing with audit trails
- encrypted and routed to clinical EMR or document imaging application

Audit Trails

All users are assigned unique usernames and passwords
All access activity by report is tracked and recorded.
Audit trails are generated for all transactions including viewing, editing, downloading, printing, and faxing