HIPAA defines companies that provide service to Healthcare Providers as Business Associates. While the guidelines and regulations of HIPAA are not directly enforced upon Business Associates, but rather on the Healthcare Providers they serve, it is vital that every Business Associate promote compliance in the services they offer to the Healthcare Provider in order to maintain a business relationship with that entity.
A Transcription Company, in it’s handling of physician dictation records, must enter into a written agreement with each physician or physician group that they will honor the privacy guidelines established by HIPAA and maintain technical and personnel safeguards to maintain the security of that data. It is the responsibility of the Healthcare Provider to establish privacy agreements with all of its Business Associates who handle protected patient data.
Transcription Companies should review the Security and Privacy guidelines enforced upon Healthcare Providers in order to anticipate the expectations demanded of transcription companies by each provider in order that they maintain their compliance with HIPAA.