We use the best practices for handling Protected Healthcare Information (PHI) and Medical Transcription, adhering to requirements of HIPAA norms. All client/patient details and medical transcription services related procedures, voice files storage, documented data storage and document management conforms or exceeds HIPAA regulations.
All the operational processes at Cybernation are fully automated. Raw data is received from clients by two different methods. The first method is by way of a toll free number call in dictation which is used by dictators to relay Patient Health Information (PHI) to Cybernation in audio form. We use dedicated toll free lines exclusively used for the dictation capture and the dial in dictate toll free numbers are known only to our registered clients. The call in toll free number is known only to the clients and is never revealed to the outside world thereby providing the first basis security barrier. Our Dial-In Dictation Server is secure and a closely guarded system because only the client knows his / her access code for accessing the servers for the purpose of dictation recording in itself makes the dictation Server extremely safe in terms of security. Additionally, the dictation recording server is in total control of Cybernation and the moment the audio file is recorded, it is relayed onto the processing queue which is a secure FTP space. The SFTP ensures that data present there in the form of audio files is always secure and not prone to any security breaches. The second method of receiving the audio files is for the dictators to upload the audio files from their digital hand held recording devices onto the Cybernation secure server. Cybernation provides a secure interface to all such clients who upload their audio files to us. This secure interface requires a Username and Password combination for logging in to the online portal. Only after a successful login can anybody upload files to the Cybernation portal.
This is so far as the data in its audio form is concerned. Stringent security is provided even after the data is transcribed and converted to the document format. All the processed PHI which is in the document format is provided to the clients through the same online secure portal. Not only is the data protected by a SSL encryption but only the clients who have a Username and Password combination for logging in to the online portal can access the PHI data. So, as can be ascertained from the above narration, Cybernation has ensured complete security of PHI sata and fully HIPAA ( Health Insurance Portability and Accountability Act ) compliant operations by implementing all the necessary security measures that make our entire process 100% secure and fully HIPAA Compliant - right from the initial physician dictations to the eventual delivery of the transcribed documents. These are not just mere claims of being fully HIPAA Compliant medical transcription service provider. Cybernation invites all prospective clients to sign up online and verify these security provisions by taking up the free trial offer and verifying everything first hand.
The following security measures have been implemented to safeguard data integrity, to ensure confidentiality, and provide constant uninterrupted availability of PHI Data.
Cybernation encrypts all Protected Health Information (PHI) with 128-bit encryption to ensure that data is secure at all times. Once the files are recorded we use an encryption mechanism, which encrypts the recorded files before they are transmitted through the Internet. The transmission is through secure and dedicated web space solely managed and used by Cybernation using a highly secure File Transfer Protocol.
The Computer Systems and networking equipments are password protected and the data traversing on those is bound by encryption technologies. All our Computer Systems and servers are protected by reliable Anti-Virus Software, encryption technologies and Firewalls Solutions. These provisions ensure controlled access to the infrastructure and at the same time restricts unauthorized access to the PHI data as well as the company's resources. Our servers have active security, automatically monitored 24x7, with automated end point protection and real time Network Intrusion Detection mechanisms.
Our Chief Technology Officer (CTO) is himself responsible for administering the PHI security procedures. We have already converted documented policies and procedures into relevant software logic on our workflow system where by we govern the basic access to, processing, dissemination, transmission, storage, and disposal of protected health information. We close system access to all ex-employees. All entry and access rights are removed when an employee parts ways with the company.
We handle the destruction and/or de-identification of PHI when a customer contract terminates. When a client no longer needs our services, their entire PHI data is deleted and completely purged from our servers. The CTO is to be made aware of any server outage and depending on the details of the situation he is the one who grants permission to commission the back up server or try and revive the main server. Till now such an even has not happened but should such a challenge present itself before us then the CTO himself would take a call and decide the next course of action.
All persons, administrators and transcriptionists, who have access to any sensitive information, patient records, or voice files, etc. have the appropriate clearances from the senior management of Cybernation who provide them with rights and priorities through the software in order to enable them to do their allocated tasks and duties. The company has in place, signed confidentiality, secrecy and non-disclosure agreements with all of the transcribers. We regularly provide training to our entire workforce for upgrading their awareness and instill a sense of responsibility towards maintaining privacy, security, and confidentiality. Totally fictitious and dummy data is used in the training of employees.
Every single audio that comes in for processing and transcription goes through multiple transactions before it is finally delivered to the client as a transcribed document report. Our workflow software is configured in a way to provide us extensive logging of all activity and this inherently prevents unauthorized viewing, editing, printing, deleting, or copying of any files/data by virtue of negating access to all else except the person(s) who are working on that particular job. This also helps in proactive scrutiny undertaken to prevent, detect & restrict all possible security breaches before they can possibly unfold. For implementing all this, Cybernation has a custom made software which keeps a track of all the points through which a file traverses right from the point of receipt mof the dictation from the client to the delivery of the of transcript to the client. This allows Cybernation to review any work in a detailed manner with the time audit trail as a ready reckoner in any and every case. So not only does this keep a track of all the happenings so far as the work is concerned by logging every single action and transaction but if at all there is any problem at any stage this detailed record helps us in tracking and pinpointing where the fault occurred and addressing the issues by making necessary corrections.
Although our main server is housed at arguably the best data center that the country has to offer, Cybernation has provisioned for total back up of all Protected Health Information (PHI) on a physically separate server which is housed at an entirely different Geographical location. Emergency oriented Contingency plans are in place to facilitate continuity of operations. All the important files and data are backed up on a secure backup server which is physically at a different location from the main server housing all the PHI. All this is done as per the established norms of backing up critical data at Cybernation. So even in the rarest of the rare instant, if our main server gets knocked out of service for what ever reasons Cybernation operations would be up and running within a few hours of the break down. So the PHI is safe and protected at all times including but not limited to events like fire, flood, earthquake, adverse weather or any random criminal acts as well as Force Majeure like conditions.
Both the main server and the back up server are housed at Data Centers which have extensive security arrangements and physical access to the servers is restricted to authorized personnel only. Both the data centers have secure entry and exits to prevent unauthorized physical access to the servers and the PHI contained therein. So the secure facilities at either location provides failsafe security to the servers at the physical level whereas the online access points are guarded by secure operating system firewalls, the latest anti-virus software and end point protection.