E-Dictate's comprehensive program on HIPAA includes a set of processes that cover physical measures (storage of data and PHI) and IT-related "best practices" for electronic data communications. Internally, E-Dictate has developed HIPAA training programs for all employees. The HIPAA training program is managed by a HIPAA Officer. A brief overview of "best practices" for data handling and transcription processes is provided below:
Data Storage and Backup
E-Dictate has implemented a storage and data backup system with 99.9% uptime. The system achieves full redundancy by having two high-end servers at two datacenters in two different geographical locations. The servers are hosted by Tier-1 service providers and come with services (features) such as 24x7/365 monitoring, firewalls, power backups, etc.
Workforce
As part of a continuing education and awareness program, E-Dictate's workforce is trained and educated on HIPAA policies on a regular basis. All employees also sign a Confidentiality Agreement. E-Dictate's HIPAA Officer is accountable for ensuring HIPAA compliance is always a part of any new system or process.
Data Transmission
All transmission of patient-related data (including voice), to and from clients, takes place over Secure Socket Layer with 128-bit encryption. This is the highest level of encryption available for business transactions and exceeds requirements.
Information Access and Audit
All employees are hired carefully with background checks and undergo an induction program to train on the E-Dictate Transcription Platform and HIPAA requirements. All employees sign Confidentiality Agreements. The Confidentiality Agreement also contains detailed data handling guidelines (no copying of data on diskettes, no emailing of data within the office or outside, etc.).
All employees (MTs, QAs, Managers) have unique Usernames and Passwords to access the Transcription Platform. Dictations can be accessed only by securely logging in with a Username and Password, which is issued by our Systems Manager.
All Usernames and Passwords are unique and are changed frequently for security purposes.
All employees go through HIPAA awareness training once a year.
All PHI and transcribed reports are stored on two redundant servers and never on employee PCs.
Internet access and privileges are discontinued immediately upon termination of an employee, completion of contract, or end of service on the grounds of disciplinary action arising from violation of any company policy.
E-Dictate discourages paper-based data exchange in the office. In fact, exchange of PHI or any other type of patient data among employees for business purposes is always done using Secure Socket Layer or Secure FTP technology (128-bit encrypted). Use of email to send and receive any sensitive patient data (date of birth, illness details, etc.) is not permitted.