The HIPAA Privacy Rule
Dictadroid does not facilitate health care treatment, payment or operations for our clients but does process client dictations and documents that contain Protected Health Information (PHI).
Therefore, we approach HIPAA’s Privacy Rule with the level of emphasis that is expected from all business associates of covered entities. Specifically, we use appropriate safeguards to prevent unauthorized use or disclosure of PHI. In addition to maintaining strict technical standards under the HIPAA Security Rule, Dictadroid employees and typists must master an extensive set of procedures which includes information pertaining to security, privacy and confidentiality. Dictadroid educates all employees and typists on the importance of protecting client information and all Dictadroid employees and typists take HIPAA training.
The HIPAA Security Rule
This rule concerns security of Electronic Protected Health Information. There are three types of security safeguards outlined in HIPAA: Administrative, Physical and Technical.
- The Dictadroid system restricts access to PHI to individuals who have the required access authority
- Dictadroid has policies and procedures for employee terminations and onboarding and monitors access on an ongoing basis
- Our clients and our transcriptionists require authentication into the system. Clients are authenticated using their username and password when they use the login via the web site or the mobile app. Typists are authenticated at multiple steps in the transcription process to increase the level of security
- Dictadroid tracking mechanisms monitor each login and authentication to our system
- We do not permit the sharing of passwords or email passwords
- Dictadroid implements a security audit on all system changes and continually monitors and updates security controls and processes in order to document compliance with its own security policies and the HIPAA Security Rule
- Dictadroid production and disaster recovery environments are located in geographically dispersed facilities
- All of backend platforms used by Dictadroid are HIPAA compliant. These include data storage, databases, and automated transcription systems
- Dictadroid implements a workstation lockout policy and requires employees to change their passwords every 30 days
- Dictadroid has policies and procedures to prevent unauthorized physical access to workstations that can access PHI while ensuring that authorized employees have appropriate access
- All users have a unique username and password to access our system. All users seeking access are appropriately authenticated before access is granted
- For added security Dictadroid app allows users to enable passcode protection. When enabled user is asked to enter a passcode every time the app is launched
- Dictadroid tracks and logs all movement of information systems and electronic media containing PHI
- Dictadroid ensures that electronically transmitted PHI is not improperly modified by implementing 128-bit secure socket layer encryption and audit trails
If you have any questions about our security measures, please contact us.