Organizations that rely on Digital Voice Recording for medical record purposes need to be concerned about more than just accuracy, expense and ease of use. They also must be sure that whatever Digital Voice Recording solution they rely on is HIPAA-compliant. Among the requirements:
- Encrypted local storage: All patient records must be encrypted using AES-256 bit encryption (or stronger), according to HIPAA.
- Encrypted transfer: All HIPAA-compliant applications and devices must be able to transfer any records via a secure transfer method. Standard email or FTP protocols are not secure enough and for that reason transfer of patient records using these methods is not HIPAA compliant. The minimum standard, as with storage, is AES-256.
- Offsite backup storage: Data storage solutions such as Dropbox or Google Docs are no acceptable for HIPAA compliance. Backup files must be encrypted using AES-256, and if a third-party vendor is responsible for backup storage, the organization must have a formal Business Associate agreement with the vendor addressing liability.
Though digital voice recordings can be a vital element of medical claim and bill processing, ensuring they are HIPAA compliant can be a complex task for an organization to deal with. Outsourcing those needs to an experienced third-party administrator with access to leading-edge technology can ensure compliance, reduce expenses and free employees to focus instead on core competencies.