This article discusses the significance of HIPAA compliance for various aspects of a medical practice including medical transcription.

1. www.medicaltranscriptionservicecompany.com
HIPAA Compliance Checklist for
Medical Practices

2. www.medicaltranscriptionservicecompany.com
HIPAA is an extensive set of rules and regulations that govern the privacy, security,
and portability of patient health information in a medical practice. Confidentiality and
security are extremely significant in healthcare services and all procedures and
policies within the practice need to strictly adhere to HIPAA rules. Maintaining a
checklist can ensure that all the necessary security rules and guidelines are met.
Is Your Practice HIPAA Compliant?
Certain important points need to be considered when a HIPAA compliance checklist is
prepared. Practices can measure their compliance by using a checklist which includes
the following elements:
 Organizational requirements include designating a HIPAA compliance officer,
conducting risk analysis and document results, Notice of Privacy Practices,
business associate agreements, and record retention
 Uses and disclosure include policy for uses and disclosures of protected health
information, mitigation policy, and policies for marketing uses and
disclosures, research uses and disclosures, uses and disclosures required by
law
 Safeguards include policies for visitors, oral communications, mail
correspondence, fax and email, and destruction of PHI.
 Patient rights such as policies for patient access to medical records,
confidential communications, patient requests to amend medical records, and
patient representatives.
 Measures pertaining to the workforce include annual HIPAA training for entire
workforce, employee sanctions policy for non-compliance, confidentiality
agreements signed by all employees, and policy for medical information in
personnel files
 Complaints and incidents include HIPAA incident reporting process, breach
notification process, and process to handle HIPAA-related complaints.
 Administrative safeguards include Review information system activity
periodically, Unique user IDs and secure passwords, Periodic evaluation/audit
of risk analysis and policies and procedures
 Physical safeguard include physical access controls, policy for workstation
use, media disposal and reuse policy, document maintenance records

3. www.medicaltranscriptionservicecompany.com
 Technical safeguard include data backup and storage, automatic
logoff/workstation lock policy, and encryption and decryption of ePHI.
HIPAA Compliance in Medical Transcription
Busy medical practitioners usually rely on medical transcription services for their
documentation needs. When outsourcing, it’s critical that they choose a HIPAA
compliant company. HIPAA-compliant service ensures that health care
information is handled in a safe and confidential manner.
How Transcription Companies Ensure HIPAA
Compliance
 Password protection for all computer systems
 Regular Windows update and monthly backups for security of computers
 Screening of employees during entry and exit
 CD drives, USB and floppy disks are disabled on computers to prevent
copying
 Secure FTP for upload and download of audio files
 Minimum 128 bit encryption for transfer of medical records
 Firewall protection and file encryption software
 Staffs fully trained in privacy matters, security measures, and HIPAA
guidelines
By tracking the results of their compliance processes, medical practices can ensure
that they meet the necessary HIPAA standards. This can be effectively accomplished
with HIPAA compliant software. When it comes to transcription, care must be taken
to find a service provider that strictly adheres to HIPAA rules.