Protecting Your Patients & Organization with HIPAA Compliant Translation
If you work in the healthcare industry, no matter what your title, it is your job to protect patient data from being compromised.
Failure to secure patients’ Protected Health Information (PHI) will damage your reputation, result in hefty HIPAA violation fines (possibly jail time), and expose affected patients to identity theft.
But it’s not just the medical organization itself that must comply with HIPAA regulations—ALL business associates of the organization must comply. If one of your business associates violates HIPAA—YOUR organization is still considered responsible.
Your translation services provider is considered a business associate. Life science and medical translation projects require transferring, uploading, and downloading documents (including ones with PHI) between you, your translation vendor, and their translators.
With all those documents being transferred from one place to another, it begs the question—
Does your provider exercise HIPAA-compliant translation processes to ensure data security?
What is HIPAA-Compliant Translation?
Your translation vendor should treat patient PHI with the same high-security measures and priority as your organization does. The safe and secure transfer of files/documents to be translated is the key to HIPAA-compliant translation.
If your translation vendor requests or sends files with PHI through email—this is a HIPAA violation!
If there were a data breach in your or your vendor’s email client, and documents with PHI were attached to the emails, the attacker would have access to your patients’ personal information, which could result in identity fraud.
And according to HIPAA regulations, a breach like that would require you to inform ALL affected patients that their information had been compromised.
You lose patients’ trust, your reputation suffers, and the financial losses would be severe.
Ask your vendor…
- Is the translation process HIPAA-compliant?
- Are the translators trained in HIPAA-compliant processes?
Many translation services vendors will have their own HIPAA-compliant project management portal for your staff members to securely upload documents for translation, and safely download completed files. The same portal is used to grant document access to the translators working on your project. Encrypted file sharing platforms or FTP clients like Citrix ShareFile can also be used for transferring files securely.
Translators should be trained in proper HIPAA-compliant procedures for handling documents with PHI, such as:
- Making sure to delete all files with PHI from their computer after a project is complete.
- NEVER sending completed translations through email.
- If documents with PHI are accidentally sent by email, then the email must be deleted from their inbox AND from their “Deleted” folder.
Even with all the HIPAA training you and your team go through, slip-ups happen and sometimes a document with a patient’s PHI is sent non-securely through email and other avenues. Again, if this happens, the email should be immediately deleted in all email folder locations.
Let’s go over the basics of PHI and HIPAA compliance.
What is PHI?
PHI stands for Protected Health Information. It is defined as any personally identifiable information used by a HIPAA-covered entity or business associate in relation to healthcare services.
There are 18 identifiers that are included under the HIPAA Privacy Rule:
- Names
- All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the U.S. Bureau of the Census, the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people are changed to 000
- Dates (other than year) directly related to an individual, including birth date, admission date, and discharge date
- Phone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers including serial numbers and license plate numbers
- Device identifiers and serial numbers
- Web URLs
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code (except the unique code assigned by the investigator to code the data)
Any files or documentation with this information MUST be handled properly under the HIPAA Security Rule.
What is the HIPAA Security Rule?
The main goal of the HIPAA Security Rule is to protect patients’ PHI while allowing medical organizations and other HIPAA-covered entities to utilize new technologies to improve the quality and efficiency of patient care. These organizations are required to maintain reasonable administrative, technical, and physical safeguards for protecting PHI.
Here are the General Rules, taken directly from the U.S. Department of Health and Human Services:
- Ensure the confidentiality, integrity, and availability of all PHI they create, receive, maintain or transmit.
- Identify and protect against reasonably anticipated threats to the security or integrity of the information.
- Protect against reasonably anticipated, impermissible uses or disclosures.
- Ensure compliance by their workforce.
Protecting Patients is Priority
Your organization is passionate about data protection, and your translation services vendor should be passionate about it too.
If you are unsure if your vendor is HIPAA-compliant, ask them! If they do not employ stringent HIPAA policies to securely handle your documents that contain PHI, it’s time to find a new vendor.
As an experienced language services provider, Teneo Linguistics Company only uses HIPAA-compliant translation processes because we care about protecting the privacy of patients, and care about the success of our clients. Our project management staff and language professionals are trained to protect PHI in all projects, and with exact detail. If your organization is interested in life sciences translation services, please contact us!