Globalization of Medical Transcription Industry Requires Proper Risk Analysis

AHIMA compiles list of top ten outsourcing questions for healthcare organizations

CHICAGO, October 30-US Healthcare organizations and their domestic transcription vendors are increasingly employing an international labor pool to meet the demand for transcription workloads. This growth in overseas outsourcing has also led to a growth in concern over the privacy and security of identifiable patient information.

In order to identify risk and reduce vulnerability before protection of patient information is compromised, the American Health Information Management Association (AHIMA) has compiled the top ten questions every healthcare organization should ask when outsourcing medical transcription services:

  1. How and where the work will be done and will any portion of the work be subcontracted?
  2. Who will be performing the work and at what pay rate?
  3. What policies, procedures, and training programs are in place at all of the contractor’s sites and are they compliant with industry standards for privacy and security?
  4. What laws govern the protection of personal health information in the countries where transcription services are being performed?
  5. How will the information be securely transported to and from the healthcare facility?
  6. How and when will physician and patient demographic information be provided to the contractor?
  7. How long will information dictated and transcribed reside on the contractor’s database?
  8. How will information retained on the contractor’s database be destroyed?
  9. How will the transcription service ensure and measure quality?
  10. What language exists in your contracts to assign responsibility for breaches of privacy and security?

While there is always risk for misuse and abuse when someone has access to another individual’s personal health information, the concern is far greater when that someone is based outside the US. The more degrees of separation that exist between the provider and the transcriptionist—whether foreign or domestic—the more difficult it is to manage all of the technical, procedural, and personal factors that go into keeping the information secure.

Conducting a proper risk analysis before the outsourcing contract is signed is not just smart business sense, it is also required under HIPAA. The HIPAA security rule requires every covered entity to conduct a risk analysis to determine security risks and implement measures “to sufficiently reduce those risks and vulnerabilities to a reasonable and appropriate level.” While the concept of risk management is not new to healthcare, making decisions about how to comply with a regulation using a risk-based approach is new.

However, as AHIMA’s COO, Sandy Fuller, MA, RHIA, points out, “The law is really only a deterrent when it comes to a patient’s privacy,” adding, “The fact that someone can be fined or jailed after they’ve released your personal health information does nothing to restore your privacy.” Therefore, the responsibility is on every healthcare organization to look beyond the regulatory requirements to ensure sound contracting and management of outsourced transcription services.

AHIMA has a strong record of addressing the management of medical transcription and outsourcing and has published several industry resource documents in the Journal of AHIMA, including a four-part series dedicated to transcription issues. To access these resources, click on the links below:

Four-Part Transcription Series:
Managing the Transcription Revolution
By Line, by Hour: Keeping the Transcription Machine Running
Tomorrow's Transcription Tools: What New Technology Means for Healthcare
Transcription Vendors: How to Make Them Your Closest Allies

Other relevant resources:
Letters of Agreement/Contracts
Security Risk Analysis and Management: An Overview

AHIMA is the national association of health information management (HIM) professionals. AHIMA's 46,000 members are dedicated to the effective management of personal health information needed to deliver quality healthcare to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the HIM profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. For information about the Association, go to

Source: AHIMA Press Release (October 30, 2003).