Do you have medical audio files that need transcribing? If ...
Medical transcribers deal with sensitive health information and they have specific obligations that are often protected by the law. Like others who deal with medical information, medical transcribers are required to observe privacy and confidentiality laws, along with any other rules and procedures set out by their employer or contracting business. Failing to comply with these standards could compromise your ability to deliver on the quality & security promise which upholds your work.
Both privacy and confidentiality are important concepts for medical transcribers, but they refer to different things.
Privacy, in Australia, is regulated by the Privacy Act 1988, a national law that includes the 13 Australian Privacy Principles. Privacy is about how personal information is handled. For example, if a business or government entity has been provided with personal information, the privacy laws might prohibit that information being used in a way that the individual hasn’t consented to. Medical or health information is usually subject to stricter rules. States, including New South Wales, Victoria, and the ACT, have their own privacy laws that apply in addition to the national legislation.
Confidentiality is usually framed as a duty that requires individuals, businesses, or other entities to protect another party’s information, which can include commercial secrets or medical and health information. In Australia, confidentiality is mostly based in the common law, so there’s no specific legislation that covers it, though some state laws cover ‘secrecy’.
As a medical transcriber, you’ll be dealing with sensitive information that’s protected by privacy laws and duties of confidentiality, so it’s important that you fully understand what these are. Ask your employer or contracting business if you have any doubts, and check your employment contract. If you run your own transcribing business, you might find it useful to seek legal advice if you’re unsure.
At a general level, it means you shouldn’t talk to anyone about anything you transcribe, and you should take measures to protect the data that you deal with.
Examples of breaches of medical information privacy or confidentiality can include talking to someone in a public place about what you’ve been transcribing or discussing it with family or friends. Another example of breach can be failure to protect personal information from misuse or unauthorised access.
If you breach the Privacy Act 1988, you could be the subject of an action by the Privacy Commissioner, who can apply to court for a civil penalty order against you. Currently, one penalty unit (Commonwealth) is $180, so individuals can be fined up to $340,000 (and corporations $1.8 million) in more serious cases. Depending on your state or territory, there could be other laws that apply, with corresponding fines. Currently there’s no avenue for individual parties to bring an action in court for breach of privacy.
A breach of ‘secrecy’or confidentiality could lead to civil actions for loss or penalties, so it’s also important to be clear about your obligations in terms of confidentiality.
To fulfil your responsibilities with respect to privacy and confidentiality, have good risk management practices in place. This applies whether you’re an employee medical transcriber or a contractor working offsite.
If you work at a transcribing organisation, your employers should ideally provide you with policies and guidelines and the right hardware and software to fulfil privacy obligations. For example, confidential medical information cannot be taken off-site unless you use the latest encryption technology at home.
If you use your own hardware and software for your transcription work, always use encryption tools when transferring data. Make use of security tools such as Windows Defender to protect your computer from malware and malicious attacks, and turn on automatic updates to keep your computer up to date.
Deleting a file on your computer doesn’t mean it’s no longer recoverable. To securely erase files, use a secure erase tool to write over the deleted file. If you buy a new computer, your old computer’s hard disk should also be securely erased to prevent recovery after disposal.
Never discuss the content of your transcription work with family, friends, or anyone else. If you’re a contractor working from home or your own site, make sure you lock your computer and password protect access to your workstation even if you’re just leaving your desk for a short break. Follow this procedure even if you’re working at home and there’s no one but family around. Lock your computer and always protect access.
If you’re a contractor, check that your data storage arrangements are secure. Medical transcription companies usually provide strict guidelines on how and for how long you should keep any protected data, so follow these guidelines. For example, you might be required to delete files as soon as you’ve submitted each task.
If you use offshore cloud storage services, ensure they comply with the Australian Privacy Principles. Medical records can’t be sent offshore unless the destination provides the same level of privacy protection. Ask your service provider about vulnerability testing and the types of security measures they use, since there are many cases of medical information being exposed due to file server upgrades or poor security measures.
As a medical contractor, there are strict rules on privacy and confidentiality that you need to be clear about. Fulfilling your responsibilities can include being discreet about the information you deal with and using appropriate technology tools. Integrate these into your work as a matter of practice, and seek advice if you’re unsure about anything.