|
|
Main |
HIPAA Technology, Practices and Employee
Responsibilities ScriptWave
is workflow software that allows remote medical transcriptionists to
participate in sensitive and confidential patient medical records. ScriptWave’s responsibility is to secure the content of
these medical records while they are in transit
between the physician offices and the transcriptionists. When the dictation
and transcription files are located on the physician or transcriptionist
personal computers or local area networks, HIPAA compliance is the
responsibility of the physician or transcriptionist offices. Technology While in transit,
ScriptWave will utilize these technologies to ensure that the files remain
encrypted. ·
Prior to transmission,
files go thorough a 3-step encryption process that includes
client-specific keys and a proprietary encryption pass unique to
ScriptWave. The encryption
process is managed by the mudCryptor module. ·
During transmission,
ScriptWave uses Secure FTP (sFTP). sFTP
obscures login and password combination to the remote server, in addition
to adding another encryption level to dictation and transcription files. ·
As work progresses on
dictation and transcription files, the files reside on a file server.
This server is dedicated to ScriptWave and is kept in a secure data
center hosted by aplus.net.
No unencrypted content is placed on this server.
This server is not capable of running the mudCryptor tool to
prevent accidental or intentional decryption of any file on the remote
server. For additional information see: ScriptWave Security. ScripWave company practices ·
In order to support
ScriptWave, the technical support group has access to the mudCryptor tool. ·
The mudCryptor tool will be
used only to validate that files can be decrypted without error. · All use of the mudCryptor tool is managed through the ScriptWave tool, ScriptWaveTranscriptionAdmin. ·
ScriptWaveTranscriptionAdmin will log all use of mudCryptor and link this use to a production support
request from a ScriptWave client. ·
No production content will
be retained after the production support ticket is closed. ·
No production content will
be used in the ScriptWave test environments – only simulated dictation
and document files exist in the test and QA process. ·
A backup copy of ScriptWave
production data will be kept to allow recovery of files from problems on
the primary server. ·
This backup copy will be
kept in a locked location with access only to ScriptWave employees. ·
This backup will retain all
files in the mudCryptor-encrypted format. Employee Responsibilities ·
ScriptWave employees review
HIPAA privacy and compliance rules. ·
ScriptWave technical
support employees receive training with ScriptWaveTranscriptionAdmin,
and are made aware of audit and logging
capabilities. · ScriptWave employees are required to sign a Privacy and Non-Disclosure agreement for all client content and ScriptWave software tools. |