Category: Privacy

Date: March 2003

Reviewed/Revised: April 2013

Introduction

EVMS Medical Group has adopted this policy to comply with the Health Insurance Portability and Accountability Act of 1996 to protect the security of electronic health information, as well as to meet our duty to protect the confidentiality and integrity of protected health information. All individuals who engage in dictation, transcription, maintenance, storage and retrieval of transcribed data of EVMS Medical Group (hereinafter referred to as "users") must be familiar with the policy. Demonstrated competence in the requirements of the policy is an important part of every user's responsibilities.

Assumptions

  1. Transcribed information contains protected health information.
  2. Transcriptions must be accurate to provide the highest quality of patient care. Inaccurate transcriptions put patients at risk.

Policy

  1. No Right to Privacy. The transcription system and all transcribed data are part of the business equipment of EVMS Medical Group, are owned by EVMS Medical Group, and are not user's property. Consequently, users have no right to privacy in their use of the transcription system or its data.
  2. Right to Monitor, Audit, Read. EVMS Medical Group reserves the right to monitor, audit, and read transcribed documents. The network administrator and/or EHR project manager may override user passwords. EVMS Medical Group may monitor the content and usage of the transcription system to support operational, maintenance, auditing, security, and investigative activities.
  3. Training and Authorization Required. A user may use the transcription system only after having completed prior training and having received proper authorization in accordance with EVMS Medical Group Personnel Security Policy. The Department is responsible for such training and authorization.
  4. Access. Access to health information, records, tapes, dictation, or a combination thereof is limited to authorized users on a need-to-know basis.
  5. Dictation and Dictation Playback. Dictation and dictation playback must be done in a secure environment that protects the information from being overheard by unauthorized persons. Health information may not be dictated into cellular phones or into public telephones where others can overhear the dictation or into equipment with an activated auto answer, such as answering machines.
  6. Shipping of Dictation. Dictation on audio cassette tapes, CDs, or other voice files may be shipped only in accordance with carriers and/or associates authorized by the EVMS Medical Group Compliance Officer.
  7. Log-off Required. Users must log off computers and/or dictation equipment when not transcribing unless using a pause feature that removes the document from screen view and access until the transcriptionist reactivates it.
  8. Electronic Transmission of Transcribed Data. No user may electronically transmit transcribed data except as authorized by Security Officer and consistent with relevant system security policies and chain of trust partner agreements.
  9. Network backup of transcription is kept for six to twelve months after which the files are archived or deleted.
  10. Release of Patient Data. No user may release any patient data except to the individual who dictated the data, EVMS Medical Group, or persons authorized in writing by the patient.

Enforcement

All Departments are responsible for enforcing this policy. Employees who violate this policy are subject to discipline, up to and including termination from employment, in accordance with EVMS Medical Groups’ Corrective Action Policy.