SA PROFESSIONAL TYPING SERVICES ONLINE CC (saproType)

What follows are examples of the saproType "Confidentiality policy for the use of Protected Health Legal and other confidential information" and "The policy for computer security and work area arrangements in a home or office setting" which are signed by all saproType transcriptionists and which are mentioned in paragraph 7.2 of the Terms and Conditions:

Confidentiality Policy for the Use of Protected Health, Legal and other Confidential Information

The health legal and other confidential information maintained by the Company will be utilised in the manner intended: to provide patient-care, legal and other confidential documentation, conduct on-going health-care, legal and other confidential operations, and conduct the daily business of the organisation. The information will not be accessed for any purpose other than to ensure quality transcription of the patient’s or client record. Access to this information will be limited to a “need-to-know” basis and strongly protected. At all times, the information will be protected so as to ensure the privacy of the patient or client whose information we use.

The Company has a legal and ethical responsibility to safeguard the privacy of all patients and clients and protect the confidentiality of their health legal and other confidential information. In the course of the period that the independent contractor (the Contractor) performs freelance services for the Company, she will come into contact with confidential patient or client information. It should be understood that such information must be maintained in the strictest confidence. As a condition of the agreement, contractors who perform the freelance services must agree that, during and after the period that they have performed independent contact work for the Company that they undertake neither to disclose any patient, client and/or other confidential information to any persons whatsoever nor allow any person to examine or make copies of any patient, client and/or other confidential information other than as necessary in the course of the agreement. When patient, client and/or other confidential information must be discussed with other workers in the course of the freelance services, the utmost discretion must be used to ensure that others who are not involved in the patient’s care, legal or other confidential matter cannot overhear such conversations.

It is understood that any violation of this will be considered a fundamental breach of this agreement.

Policy for Computer Security and for Work Area Arrangements in a Home or Office Setting

In the course of performing medical transcription of a patient’s record, any legal or other confidential document, a Contractor is provided access to confidential client and patient information. The safeguarding of this confidential information is the primary responsibility of the Contractor engaged as an independent contractor to the Company. It is a requirement that the security of confidential personally identifiable medical, legal and other confidential information is ensured including, but not limited to, the patient’s or client’s name, address, and financial and diagnostic legal or other confidential information. Offsite freelance services rendered by the Contractor are to be held to the same policies as those who freelance onsite. All medical, legal and other confidential transcription work areas must be secure in such a manner as to protect the health, legal and other confidential information processed in that work area. In order to accomplish this and to ensure compliance, the Contractor undertakes to always comply with the following steps related to computer safety and securing the work area:

1. The Contractor must have a basic working knowledge of the hardware/software programs used.
2. Maintain and use the most current version of virus protection software. Computers with Internet access should have active firewalls in place to prevent others from gaining access to the computer without the contractor’s knowledge.
3. Software programs that allow file sharing such as games and music programs are not to be installed on any computer where protected health information is used.
4. Perform routine operating system updates as instructed by the client’s information systems department. Updates are to be performed manually when necessary. The automatic update capability of any software in the computer should be turned off.
5. The Contractor must provide the Company with a signed statement ensuring that the computer used to process protected health information is a work tool that is not shared by family members. If this is not possible, the Contractor must provide assurance that acceptable measures have been taken to ensure patient confidentiality, such as password protected folders and encrypted files. Passwords must be kept secure and should be changed frequently (see Disaster Recovery below). Also recommended are a password-protected screen saver and the habit of locking the computer whenever one steps away from it.
6. Not save, in any form, information accessed on the computer or files of a client.
7. Return or shred any information printed during the course of performing the freelance services.
8. Any file copies containing patient, legal and other confidential information, should be locked in a secure cabinet or drawer when they are not being utilised. They should never be left on a desk unattended.
9. Never access ones own information or the information of someone known personally. Only access those accounts assigned.
10. Never alter, change, update, or delete any authentic contents of computers or files unless properly authorised to do so.
11. Only perform activities associated with your independent contract work.
12. Only access computers or files on a need-to-know basis.
13. Immediately notify the Company if someone asks to improperly alter information in relation to the freelance services.
14. Never disclose the Contractor’s password to anyone for any reason.
15. Never allow anyone to view the Contractor’s computer screen while in use.
16. Set screen savers on the computers so that they are activated after two minutes of inactivity.
17. Position computer screens so they face away from all public areas and so that they are unavailable to those entering the work area, including family.
18. Never leave the computer logged on and accessible while unattended. Log out of the system when leaving your workstation for any reason.
19. Do not leave protected health, legal and other confidential information on the screen for others to access.
20. Never play portions of voice files that contain protected health, legal and other confidential information over a speaker. Always use headsets.
21. Never store passwords where others can see them.
22. Never allow access to patient files by others.
23. Return work immediately upon completion. Copies will only be stored on the hard drive until verification of delivery and billing. Protected health information will be retained until the client/service acknowledges receipt and payment is received, and will be removed from the computer, transferred to disk/CD, and stored securely in a fireproof locked cabinet or receptacle. Once receipt is acknowledged and payment received, the media will then be appropriately destroyed. Work logs will be handled in the same manner.
24. Remove all protected health, legal and other confidential information from the computer hard drive when the computer must be repaired. If a hard drive is replaced, the Contractor will ensure that the old hard drive is destroyed. A record will be kept of those who made the repairs.
25. Physical Media: Information on audiocassette or other media (disks) is to be shipped or mailed only by a carrier who can track the shipment and who will not deliver unless a designated recipient signs a receipt. When not in use, the contractor is to store such media in a suitably secure locked receptacle/storage cabinet
26. Access to Voice Files and Demographic Databases: Passwords are to be required for access. The Contractor is responsible for maintaining confidentiality by never sharing passwords or access and always logging out of databases or transcription platforms when finished. Each person is accountable for all activity under his or her password and account.

Disaster Recovery/Backup Planning

Precautions should be taken for equipment failure and adverse environmental conditions such as power outages. Precautions include:

1. Set software applications that have automatic backup features to a frequency of two to five minutes.
2. Use surge protectors for computers and other devices such as transcribers, including both electrical connections and phone line connections.
3. On a daily basis, back up text files to a removable backup device (such as floppy disk or CD) when work needs to be re-sent in case of computer failure.
4. Develop an alternate method for returning work if the usual manner is not available, such as if Internet access is unavailable.
5. The Company should always have updated computer passwords in case the contractor is incapacitated. The contractor must provide an emergency contact person to a designated person (who – company or home) who can physically access the contractor’s work area and computer. In an emergency, the company might need to give the emergency contact the passwords and have all protected health, legal and other confidential information that is retained by the contractor retrieved or destroyed. If tapes are used, the emergency contact person should be aware of where un-typed tapes are kept so that they can be returned to the Company immediately. In the event of the Contractor’s death or permanent disability, the designated person at the Company is authorised to remove of protected health, legal and other confidential information from the computer.

Security/Privacy Breach:

In the case of unauthorised disclosure or theft of protected health, legal and other confidential information or hardware the Company is to be notified immediately followed by a detailed written report. Steps must be taken to ensure that further breaches will not occur, and these steps must be documented.