Rough Landing? The Troubles With Offshore Transcription

May 17, 2004

Recently, serious allegations have raised more concerns about the security of U.S. medical records being transcribed in foreign countries.

Allegations against one of the nation’s largest medical transcription services have some industry observers wondering whether or not significant changes will be in store for the field. In particular, the issue of outsourcing medical transcription services to third-party firms and transcribing these services overseas is receiving renewed attention, especially in light of America’s continuing war against terrorism.

Recent allegations by a former MedQuist employee that the company placed military personnel medical records at risk have raised questions about the practice of overseas transcription. Industry experts are wondering whether or not these allegations will lead to further scrutiny of the security of these offshore transcription services, while some veterans whose personal health records may not be as secure as previously thought are outraged at the news.

Around the same time the MedQuist story broke, news came of another potential privacy breach. The San Francisco Chronicle reported that last October Heartland Information Services, an Ohio-based transcription company, was the victim of an extortion attempt by its own workers in Bangalore, India. The Heartland employees threatened to reveal confidential information unless they received a cash payoff.

“Through an anonymous e-mail, they threatened to release confidential patient records to the public if certain demands were not met in a specified time,” wrote Heartland Chief Operating Officer Tracy Boesch in a memo issued to employees.

The threat garnered the attention of California lawmakers, who are considering legislation that would prohibit the transfer of patient information overseas.

Heartland Information Services President Steve Mandell saw the threat differently. “No patient information was ever at risk,” he explained.
“It was nothing more than disgruntled employees. This shows that the system works.”

Outsourcing the transcribing of medical records overseas is not in itself an illegal or uncommon practice. Sean Carroll, CEO of Pittsburgh-based medical transcription company Webmedx and president of the Medical Transcription Industry Alliance (MTIA), says there are millions of medical transcriptions completed daily and that, under the right circumstances, outsourcing to overseas companies does work and that security is not compromised.

“The main concern of MTIA is over medical privacy, and it is important we don’t see it as a foreign and domestic issue,” says Carroll. “There are really good companies who are located in the United States and overseas, and I would guess that in many cases, overseas companies have systems that are as or even more secure than American counterparts.”

The MedQuist case involves allegations from former Senior System Administrator Susan Purdue, who has accused management of violating VACO (Veterans Administration Central Office) security policy regarding how veterans’ records are handled and transcribed. These practices allegedly included the outsourcing of medical records offshore.

Purdue told For the Record that documents were coming through the corporate system 12 to 14 hours in the future beginning in September 2000. “I am not a medical transcriptionist, so as a rule, I never see the contents of documents, just the name of the document itself,” she says. “Proper date and time stamping are critical so that we know when to have it back to the facility. The time stamping was the first thing that alerted me to work being done offshore.”

Her concerns were heightened when she claims to have discovered that MedQuist was transcribing medical records of active-duty military personnel overseas.
According to Purdue, this work was being outsourced to companies in India and Pakistan (MedQuist denies it sends work to Pakistan) and that, unbeknownst to the VA, this outsourcing wasn’t being done just for inactive veterans.

“One of my major concerns was that the records were being sent over the Internet,” says Purdue, adding that these files were sent as voice.wav files to an FTP site in India and therefore were subject to easy attack from experienced hackers.

Purdue took her concerns to several government agencies, including the office of Sen. John Edwards (D-N.C.), which is looking into the matter. “I would characterize what we’re doing as making an inquiry into a constituent’s concerns,” says Edwards’ Press Secretary Mike Briggs. “We’ve asked the VA some questions, and they have not yet responded.”

Terry Jemison, public affairs specialist for the VA, says the VA has a contract with America’s Pride: Supporting Service-Connected Disabled Veterans, Inc., which subcontracted medical records to be transcribed at MedQuist’s Salem, Va., and Asheville, N.C., offices. He adds that the VA-America’s Pride contract specifically states that all transcription work must be done in the United States—a stipulation whose violation is punishable by up to $10,000 per offense.

However, Jemison says, “We have no reason to believe there’s been any criminal offense. We’re confident that the contract we have with America’s Pride—and anyone they subcontract with—is completely respected.” (Attempts to contact America’s Pride President Philip J. Saulnier were unsuccessful.)

The contract between the VA and MedQuist came about when MedQuist purchased Andrew’s Medical Transcription Company in August 2000. According to MedQuist, Andrew’s, with permission from the VA, outsourced transcription work to an offshore company. In September 2001, MedQuist consolidated the VA work to its Asheville office to make use of a new software platform.
One year later, the program was up and running, and MedQuist says the outsourcing of work offshore ceased.

MedQuist President Greg Sebasky, who has been with the company since February, says he is confident the company has addressed Purdue’s concerns. He says MedQuist does not subcontract any VA work offshore and never violated its contract with the VA. MedQuist does subcontract transcription services to overseas companies when warranted and at the clients’ request. He estimates that only 3% of MedQuist’s transcription revenue comes from overseas work. “We review in great detail the control systems of those subcontractors we work with,” he says.

Sebasky says MedQuist hopes to replace “low-cost labor” that competitors are providing through overseas transcriptions in India, Pakistan, and other countries with better technology that will allow transcriptionists to become “medical editors.” This means focusing on perfecting speech recognition.

“We have a declining population of transcription professionals in North America, so this technology is very important,” says Sebasky, who estimates that transcription work productivity could be increased by 50% to 60% once speech recognition is perfected. “There’s a lot of emotion tied to this [privacy] issue within our industry and we share the concerns that others have of privacy. We take very seriously HIPAA [Health Insurance Portability and Accountability Act] guidelines and have strict policies in place to secure security, privacy, and confidentiality.”

However, Purdue claims the issue with MedQuist goes beyond just overseas involvement. She says all VA transcription files include detailed personal information, such as Social Security numbers. While she was not responsible for typing or proofing this work, she did see it as it uploaded across the servers. Purdue says she never purposely read the reports, but as the system administrator it was her responsibility to monitor the processes in place for moving the data.
Purdue says it was impossible to look at the screen while the work was uploading without viewing the actual reports. Also, she says the “ready work” lists of jobs waiting to be transcribed that were sent to the Indian transcription service via fax contained several fields of information to identify each piece of dictation. One of the fields was “subject,” which was populated by the veteran’s or active duty soldier’s Social Security number. Purdue says this information was not encrypted. If it wasn’t, this presents a potential new form of anti-U.S. terrorism and identity theft, which has been cited as the fastest-growing crime in the country by the FBI.

After dealing with many different lawyers and going under the protection of the Sarbanes-Oxley Act (which makes it illegal for an employer to fire an employee for whistle-blowing on the employer’s illegal conduct), Purdue’s evidence was dismissed by the Occupational Safety & Health Administration because lawyers were unable to prove that MedQuist defrauded stockholders. After several years of turmoil, the Asheville, N.C., resident says she was fired from MedQuist in late March. MedQuist claims Purdue lost her job as a result of its Asheville office closing as part of its strategy to reduce costs.

Nevertheless, the bigger story may be what these types of allegations will mean for the industry. Some changes have already been made. According to Jemison, in November 2003 the VA changed its contract to specifically state that its members’ medical records cannot be transcribed offshore.

Purdue would like to see changes made to Sarbanes-Oxley so that it is expanded beyond procurement fraud—in other words, so that it will be illegal to defraud more than just stockholders. Yet, she doesn’t anticipate that significant changes will be made in how transcriptions are developed. “You won’t get a piece of software that will replace a transcriptionist,” Purdue says.
“The other options like voice recognition are imperfect.”

The issue isn’t about companies doing business overseas but rather how medical transcription firms conduct business, says Acusis CEO David Iwinski, Jr., the head of the Pittsburgh-based medical transcription firm that has overseas operations. He says the issue is how billing and line count practices are handled and that in many cases, American-based firms are the ones that should be examined.

“All companies have an obligation like ours to be above board in how they handle their line counts,” Iwinski notes. “For a long time, some companies have taken advantage of the fact that they haven’t had to define how their line counts are developed.”

When asked whether or not Acusis can verify that its internal security processes conform to HIPAA guidelines, Iwinski says it is business practices and company policies that define the level of security and integrity that a medical transcription firm displays, not where the transcription is completed. “I can ascertain that the issue of overseas firms providing less security is false,” he says.

Iwinski says hospitals and health systems should ask two questions of medical transcription providers before they enter into a contract. The first is whether or not they subcontract work to outside firms. “If their answer is yes, then the level of security is out of their hands once the information is passed along to a subcontractor,” Iwinski explains.

The second question is whether or not an outside authority has audited HIPAA compliance. Iwinski says Siemens Corporation recently audited Acusis with a positive report.
“We can say our services are secure and great, but unless you have that nonpartisan authority verifying that, it doesn’t mean a thing.”

In an earlier interview with For the Record (February 10, 2003), Iwinski said, “There are a couple of reasons why overseas outsourcing is likely to increasingly become the transcription ‘trend of the future.’ The high cost of in-house transcription, coupled with the shortage of U.S.-based transcriptionists, will mean that a greater percentage of transcription services will be performed outside of the United States, as well as outside the hospital or clinic.”

Adjusters Asia, which is part of the Los Angeles-based parent company 1 Adjuster, Inc., is another such company that transcribes records in overseas offices but does not outsource the work. In addition to providing insurance-related claims adjustment, project management, mediation, and arbitration services, the company also offers offshore legal and medical transcription services—all on a secure server, according to the company’s Web site.

The Web site also freely lists the advantages of having Adjusters Asia provide medical transcription services. First and foremost is a low base price. Also, transcriptionists work holidays at no extra charge, no overtime costs or taxes are charged, no employee benefits are paid, and there are no advertising or recruiting costs to pay. This translates into significant savings. Adjusters Asia claims to receive 1 cent for each line of medical or legal transcription billed while providing what the company assures are highly secure services.

Spectramedi.com President Frank Kunnumpurath offers clients three transcription options: have the work done completely in the United States, have it done in India, or have it done in a combination of both that will provide the fastest turnaround time.
He says up to 75% of his clients, many of whom are private practices, choose the India service because it is 35% to 40% cheaper than service that is completed domestically. “Until 1999, it was taboo to tell people that records were transcribed in India, so what we did when we started the business then was to let clients choose their services,” he says.

MTIA President Carroll says healthcare systems or hospitals that outsource transcription need to be diligent in ensuring that the firm they partner with meets all the contractual requirements and is dedicated to medical privacy and HIPAA regulations. “The industry at large needs to recognize that improvements in the perception of the public need to be made in our business,” he says. “Billing method principles are an important issue in today’s world.”

Carroll says MTIA has international members that do support quality documentation, HIPAA regulations, and outsourcing practices, but he understands the sensitivity of the subject.

Yet, having medical transcription done overseas doesn’t sit well with many Americans—in particular veterans who have been made aware of the MedQuist controversy. North Carolina resident and former Air Force Intelligence agent Doug Cain recently met with Purdue to offer his help. The 46-year-old information technology (IT) professional established a Web site at www.privacyforvets.com to open discussions about privacy and security issues involving overseas outsourcing of medical records.

Cain hopes to organize veterans and others in a way that doesn’t appear to be “sour grapes.” He says outsourcing medical records to overseas companies is an egregious act that could put family members of overseas U.S. military personnel at equal risk for terrorism attacks. “I would hope that we can appeal to politicians to point out the issues involved in this serious case,” he says.
“I would hope that the Department of Homeland Security could get involved with the Commerce Department and develop strict regulations and penalties for companies that want to outsource information of American veterans or military or civilian men or women to overseas firms.”

Cain realizes it will be difficult to get his point across in an appropriate manner to enact policy changes for medical transcription firms, but part of his plan is to focus on the security issues. “Politicians, like companies, are looking at it from an economic point of view,” he notes. “But now we live in different times where this information can be used in ways to hurt our country.”

Michigan resident and World War II veteran Robert Breen couldn’t believe the news when informed of Purdue’s accusations and laments how readily available personal information is today. “I don’t want to jump the gun, but how do we know if the people working at these [offshore] companies are who they say they are?” he questions. “If you can find these companies on the Internet, who’s to say who might be working there viewing these files.”

Breen, though, isn’t confident anything will come out of the offshore controversy, even after visiting Cain’s Web site. “Business is about making money, and I don’t think it’s going to be easy to prevent that. This is America after all,” he says.

The issue may not be overseas transcription, but rather when companies outsource transcription services, whether it be to overseas companies or within the United States.

A harsh warning against offshore outsourcing came from Ken Williams, director of security practice at Computer Associates International, Inc., during Digital Detroit’s Third Annual Security Summit in April. Williams called outsourcing “a Pandora’s box.” In addition, he said, “We have no idea what’s embedded in code developed offshore because all we are concerned about is rolling out the application.
How many companies test their code to see what other calls are being made in the background? No one does that. We’re creating a situation where we’re going to pay dearly in the next cyberwar event.”

However, Richard Stiennon, vice president of research at Gartner Inc. in the Detroit area, says any outsourcing—whether to someplace within the United States or overseas—is fraught with the same risks because a company loses control of information when it is contracted out to a different firm.

Kunnumpurath agrees, saying that his operations are based on the UNIX platform, which eliminates “99% of the viruses” that affect computer systems, usually Windows-based in nature. All Spectramedi.com employees must access an internal system that includes 128-bit encryption protection on a private network. For employees to open individual transcription files, they need to enter two passwords. “We have all employees sign confidentiality agreements that fall into contract laws and aren’t affected by HIPAA,” says Kunnumpurath. “In that way, we go a step further than HIPAA requires with our security.”

What is clear is that the practice of transcribing medical records overseas is now under a magnifying glass, which could result in federal legislation. As a result, these offshore incidents could change the way industry players manage their business.

Purdue is thankful that many veterans have come to her defense, but she hopes the federal government will take a close look at this case and MedQuist’s data to potentially prevent any outsourcing of medical transcription—even for non-VA files. “It’s a serious issue. Even if you don’t have Social Security numbers with the files that aren’t VA, there’s still personal information available,” she says.

As for any backlash from her stepping forward, Purdue has already felt the ramifications. “I lost a job I loved and one that I was good at,” she says. “Worse than that, I’ve lost my health and dental insurance for both myself and my husband, Paul.
Quality jobs in IT are not plentiful in Asheville, N.C.” Purdue acknowledges that obtaining another job in her chosen profession won’t be easy. “I doubt any government contractors will want to hire a former whistle-blower, but I am hopeful that I can continue working actively as a veterans advocate and continue to be a voice for the many people out there whose jobs moved offshore,” she says.

It appears more transcription jobs could be moving overseas. Allina Hospital and Clinics, the largest healthcare provider in Minneapolis-St. Paul, recently announced plans to outsource its transcription work. HealthScribe, a Virginia-based transcription company, will be doing the work. Chris Damvakaris, HealthScribe’s director of business development, told the Minneapolis Star Tribune that he has “no idea” whether or not the work would be done in India.

Iwinski doesn’t feel Purdue’s allegations will have an adverse effect on his companies or overseas companies in general that keep their transcription in-house. However, he does feel medical transcription companies need to take the initiative to clean up the industry. “Companies need to police themselves within our own industry,” he advises. “And we all should be held accountable for what our practices are.”

— Mike Scott is a freelance writer who has contributed to more than 70 magazines, newspapers, and Web sites on numerous topics—from business to healthcare to technology. He lives in Waterford, Mich.