I spent hours today going over the HIPAA, HITECH and ARRA bills that go into effect this year regarding EHR (electronic health records), and the litany of rules and regulations can be mind-boggling.
I am going to pay some attention to the particular page posted on HIPAA.com (above) with respect to the incident of a “Breach” of data. It is interesting to note on this page that a company can lose its entire business from a breach or, at the least, suffer heavy fines.
Here is the one thing that troubles me. All of these laws can only pertain to domestic companies with respect to the transcription industry. Our government has spent a considerable amount of money to ensure that patients’ records are created, transmitted and stored in a secure environment, and this of course should be the case. However, nowhere in any of the publications I have read does it state what would happen to an offshore transcription company if they were to have a breach of security. This leads me to only one conclusion: if a practitioner, hospital or any other professional dealing with patient records were to be using an offshore transcription company and have a breach, I have to assume at this point that, since none of our government regulations could be enforced upon an offshore company, the domestic entity using that service may in fact be the one that the government would hold responsible for the breach.
If you are a physician reading this, take a moment and visit our web site. We are an American company, and for that reason we are subject to HIPAA regulations.