Toll-Free: 888-406-4060
Local: 415-227-4060

Court Reporting & Protecting Personal Health Information

When court reporters work with clients in the health care field, there are important privacy and data protection regulations to be concerned about. For example, if a court reporter is hired to take a deposition that involves patient health care records or involves the relationship between a health care provider and the patient, then certain federal regulations must be followed. It is also important to note that protecting personal information and privacy is not a purely health-related concern. Court reporters take special care to protect personal information regardless of the type of case. Whether the transcript is health-related or not, we make sure the personal information in all transcripts is protected.

Regulations

It is of the upmost importance to protect individuals’ personal information. The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act both set the standards for privacy and security of protected health information (PHI). PHI includes data and information that can be used to identify a person and relates to the health of that person and to the provision of health care of that person. Sometimes depositions involve PHI. If PHI is disclosed, then this information must be handled correctly by all parties involved.

“Covered entities” and “business associates” must handle PHI appropriately and follow the HIPAA regulations. Covered entities include health care providers, health insurance plans, and health care clearinghouses. Business associates, on the other hand, are the service providers (such as attorneys and court reporters) who act on the behalf of the covered entity and transmit, receive, and/or interact with PHI. Covered entities must establish a business associate agreement (BAA) with every one of their business associates. Furthermore, if business associates use subcontractors that will also be handling PHI, then the business associates must establish a BAA with those subcontractors.

According to an informational paper provided by the NCRA, BAAs must include the following:

1. An established way that the business associate (or subcontractor) is permitted to use and disclose PHI
2. A provision stating that the business associate (or subcontractor) may not use or disclose PHI in any other manner
3. A requirement that the business associate (or subcontractor) implement safeguards that are consistent with the Security Rule
4. A requirement that the business associate (or subcontractor) report unauthorized uses, disclosures, or breaches of PHI
5. A requirement that the business associate (or subcontractor) supports patient rights and accounts of disclosures and PHI access
6. An obligation that the business associate (or subcontractor) complies with applicable requirements under the Privacy Rule
7. A requirement that the business associate (or subcontractor) makes its internal practices, books, and records involving PHI activities and compliance available to HHS in case of an investigation
8. A call for the business associate (or subcontractor) to destroy or return all PHI at the termination of the BAA
9. A requirement that the business associate (or subcontractor) ensures its subcontractors execute a similar BAA and follow the same conditions and restrictions
10. An authorization to terminate the BAA if the business associate (or subcontractor) violates the BAA.

11. Additional provisions and requirements can be added to the BAA in order for the covered entity to lower its risk.

Not only is safeguarding PHI a legal concern, but it is also an ethical concern. At Combs Reporting, we are an Ethics First firm and take these regulations very seriously. In fact, we take special care to protect personal information regardless of the type of case. Whether the transcript is health-related or not, we make sure the personal information in all transcripts is protected. 


Contact us today for our court reporting services in the San Francisco area. We’re not just a local company. We provide services throughout the U.S.
 
Source: http://ncra.files.cms-plus.com/GovernmentRelations/HIPAA%20Overview%20Handout%20-%20FINAL.pdf