RxTranscript System RxTranscript Advantages RxTranscript process HIPAA Compliance Statement Significant Cost Savings
 

HIPAA Compliance Statement

Physical Security

Security begins by ensuring that the state-of-the art data center is physically secure and protected from criminal acts and equipment and utility failure. Physical security guarantees the safety of the client data stored within RxTranscript System. 

Physical security includes:

24 x 7 management, security and service availability

Motion sensors, video surveillance and breach alarms

Biometric, electronic key card and keypad access at all entry and exit points

HVAC temperature and humidity-control systems with separate cooling zones

Access-controlled suites with seismically–braced server racks and wire mesh to prevent intrusion

A double-walled service corridor around the perimeter of the suites to prevent electronic snooping

No visual access to client equipment

Raised floors and overhead cable gantry

State-of-the-art smoke detection and waterless fire suppression systems

Multiple fiber trunks for Internet traffic and inbound and outbound telephony

Fully redundant UPS (uninterrupted power supply) systems on the premises

Multiple backup diesel generators

 
Data Security

RxTranscript System is designed around the security and privacy of patient information as it passes through every stage of transcription workflow from dictation, routing and transcription to document delivery.
 

We use an ICSA certified firewall and filter on incoming ports allowing only FTP and management ports for administrative access into our system. 

The only access to our network is through a highly Secure Virtual Private Network(VPN) tunnel. Users must have a valid username and password. In addition users must have been assigned a shared security key to gain access. 

Our network performs Network Address Translation (NAT) and addresses cannot be routed without traversing the firewall. 

 

     

Internet access

Requires a unique username and password.

After a specified number of failed log-in attempts (determined by the client), the account is deactivated.

After a specified period of inactivity, users are automatically logged out of the system.

Telephone access

Unique user identification digit strings

Logged and verified ID modifications
 

Network Security

Dual configuration of High Availability firewalls provide security, packet filtering,
content filtering and intrusion detection.

Infrastructure and application changes are subject to rigorous control change procedures.

The network is monitored proactively with sophisticated monitoring tools.

The system includes an audit controls mechanism with alerts and management reporting.

 

      

Data Destruction

Data retained on RxTranscript System servers is destroyed based on customer defined contractual agreements.

Data and voice transmission security

All data and voice transmission among users, third party application and RxTranscript System data centers is conducted through Secure Socket Layer, a secure transmission method that uses 128-bit encryption algorithms, ensuring the privacy and the security of patient information and other personal data. 
 

Business Continuance

Parachute Partners has a business continuance plan in the event of a fire, system failure, natural disaster, vandalism or any other situation that could interrupt operations. The platform is fully redundant and scalable with the use of leading-edge data replication technologies, disc storage solutions. These technologies include:

Disc mirroring technology that ensures minimal or no loss of data in a catastrophic event

Data backups and off-line media that are stored at secure off-site locations

The electrical infrastructure at the data center that is supported by dual power feeds
    

Privacy: 

We are not responsible for nor will we provide access to any files on our system to any other person other that those authorized by the originator of the dictation. 

We will not release any files directly to a patient. 

The responsibility for enabling the patients to control their health records including access, disclosures, 'minimum necessary' standard, consent and authorization, etc. resides the medical professional who initiated that document.