Once again, technology is driving change in the medical industry. A recent trend is physicians saying “farewell” to their digital recorders and “hello” to mobile dictation apps for their phones. Using your phone to record dictation seems like a logical decision; after all, people are rarely caught in a situation where they don’t have their phone in close proximity. However, before you download the latest dictation app and throw your digital recorder out the window, you need to make sure the app is HIPAA compliant.
Below you will find 3 security guidelines that are outlined in the HIPAA Privacy Rules. These 3 items must be met to ensure the dictation app for your phone meets HIPAA standards.
1. Password Protection: In order to comply with HIPAA, the dictation app must require a password to gain access to app contents. This password is in addition to any passcode that you may use to lock your phone. Just like your EHR software requires a separate login from your computer, the same rule applies on your phone in order to protect patient information.
Along the same lines, the dictation app must allow you to remotely (such as from your computer) change your app password or lock your account. Think of it this way: if your phone fell into the wrong hands, you would need to be able to act fast to change passwords and secure patient information.
2. Strong Encryption: According to the HIPAA Privacy Rules, the patient information that is stored on your phone will need to be encrypted using AES 256-bit encryption or stronger. Before selecting a dictation app for your phone, check to be sure encryption is used and that it is strong enough to meet HIPAA standards.
Once you have confirmed that your patient information is secure and protected on your phone, you must ensure that the method for transferring the information from your phone to your EHR or the cloud is also safe and secure. Email and File Transfer Protocol (“FTP”) are not secure ways to transfer data. You must ensure the dictation app uses a secure, encrypted method such as Secure Sockets Layer (“SSL” or “HTTPS://”).
3. Offsite Backup: Since you cannot predict failures with technology or disaster situations, HIPAA requires that all patient information be backed up in an encrypted location. This location can either be a part of the cloud, or an “off-site” storage location. The backup location must also be encrypted with AES-256, and if you are using a third party to host your information, then you must have a formal Business Associates Agreement with them. Examples of unacceptable backup locations include Google Docs and Digital Dropbox.
Now that you are aware of the requirements, you can start your search for the perfect dictation app to fit your needs.
Let Fast Chart Help
If you are simplifying your life by ditching the digital recorder, take it one step further and outsource your medical transcription services. When you choose to work with Fast Chart, you can expect a greater than 98.5% accuracy rate. Learn more about what sets us apart from other transcription companies and request a free quote today!