March 15, 2010
Offshore Transcription: A Seaworthy Choice?
By Lisa A. Eramo
For The Record
Vol. 22 No. 5 P. 14
Before sending their medical records on an international excursion, providers need to take steps to ensure sensitive data receive first-class treatment.
The thought of sending confidential patient information halfway around the world to be transcribed may sound a bit nerve-racking to some healthcare organizations, but in today’s interconnected world of instantaneous and high-security data transfer, experts say there’s more to offshore transcription than meets the eye if providers are willing to take the time to examine and weigh the options.
“Over the last two years, we’ve seen clients adopt the international option much more than they had in the past. Globally, companies are more open to international labor pools,” says Sharon Fremer, vice president of transcription for Precyse Solutions in Alpharetta, Ga. Precyse, which gives its clients the option to go offshore or stay domestic, sends slightly less than one half of its transcription work international. Of this percentage, nearly all is performed through one Indian partner with which it has had joint ownership during the last eight years.
There’s no doubt that the offshore transcription industry is growing, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Ore., adding that the Philippine and Indian markets are leading the surge.
Cost savings may be one reason for using offshore transcription. On average, savings can be as much as 15% to 20% with a well-scoped international option, says Fremer. Offshore medical transcriptionists (MTs), many of whom have been through rigorous training and may even have a medical background themselves, can also help combat transcription shortages in the United States and handle work overflow, she adds.
Vinnie Shankar, owner of Decipher India, says he contracts entirely with U.S. companies and that business has remained steady over the last couple of years. His 270-employee operation is based out of Bangalore, India, where he says even the most experienced MTs, many of whom are male, earn $500 per month on average.
Although cost savings is a major incentive, it’s not the reason to consider an offshore option, says Kathy Nicholls, president of MT Tools Online and the Medical Transcription Training Alliance in Pueblo, Colo. “I believe there are some very well-qualified medical transcriptionists who do not live in the United States,” she says, adding that Barbados in particular is home to a skilled labor pool that produces high-quality work.
Others have a differing opinion. Chris Simons, RHIA, director of utilization management and HIM and the privacy officer at Spring Harbor Hospital in Westbrook, Me., would not consider an offshore option unless there were a dire financial reason for doing so. She says the risks outweigh the benefits, particularly from a security standpoint, and keeping MT jobs domestic may also help raise salaries in what she believes to be an underpaid profession.
There is a perception that sending information overseas poses a security risk, but that’s not necessarily true, says Apgar. Hospitals are technically at risk anytime they send data remotely regardless of whether they’re sending it up the street or across the world, he notes.
Although HIPAA doesn’t prohibit hospitals from outsourcing offshore, it’s sometimes difficult to hold other countries accountable to U.S. laws, says Apgar. However, that doesn’t mean there is no recourse for breaches if and when they occur. International financial courts may provide some resolution; another option is to simply withhold payment for not abiding by contractual obligations to secure information. Transcription companies are considered business associates (BAs) regardless of whether they are located in the United States or abroad, says Apgar. “There are a number of countries that have their own privacy and security laws, so you may also be able to hold them accountable in their own country’s court of law,” he adds.
Decipher India’s six-page confidentiality agreement references the Indian Information Technology Act of 2000 and states that disciplinary action may include immediate dismissal or liquidated damages in the amount of $5,000 for each MT. All employees must also sign policies that address the security of protected health information in regard to e-mail communications, fax requests, and telephone calls.
When contracting with offshore vendors, always include indemnification language that references all applicable laws, including those of the offshore country as well as HIPAA. The contract should also clearly spell out expectations for breach notifications and any associated costs. The HITECH Act requires BAs to comply with the use and disclosure provisions of the HIPAA privacy rule and the entire HIPAA security rule and holds them liable for any breaches that occur.
The following are several questions providers should ask when considering an offshore option:
• How can the offshore vendor ensure security? When thinking about security, hospitals need to remember that there are two types of data that must be protected: audio/voice files and transcribed data. Some companies use a secure domestic platform on which all data are stored. This allows for greater security because all data reside on the domestic platform, preventing offshore MTs from downloading information to their local computer terminals. Other vendors transfer files between domestic and offshore platforms or computer terminals. This option is less than ideal because the offshore MT is able to download information to an offshore platform or local computer where he or she can potentially copy, manipulate, or transfer it, says Fremer.
“The best online transcription software services are encrypted and use dedicated servers, which means hard copies or electronic data do not need to pass through less secure channels,” says Randy Olver, CEO of Emdat, a Web-based transcription software provider. “That type of security is an enormous benefit, whether the data is transmitted down the hall, across the street, or around the world.”
Emdat uses a centralized data center/server into which data flow in and out. Clients with an EHR rely on its ShadowLink application (installed at the client facility) to pull data from the server and log them into the medical record. Authorized users have access only to dictations allocated to them for transcription. Copy-and-paste capabilities are possible; however, users can access only data they have created.
• Can I track each record? Some platforms allow hospitals to track and audit records in real time. Both Precyse and Emdat allow authorized users to view a detailed job audit that shows whether a particular file is transcribed, awaiting transcription, or going through the quality assurance process. Clients can also view the dates and times of those activities, as well as the associated user names.
Apgar says it’s also important to ask whether the offshore vendor can provide audit logs that show each user’s access and transmission of the data. This is required as a technical safeguard according to the HIPAA security rule, he adds.
• Is the physical environment secure? Some offshore companies require all employees to work on site in a secured environment whereas others allow employees to work from home. Although there is an increasing trend for American MTs to work from home, it may be more secure for offshore MTs to work in a controlled environment, says Fremer.
At Decipher India, all employees work on site and under video surveillance unless they are specifically authorized by the client to work from home. In addition, the company uses biometric devices to prevent unauthorized access to the production room and server room. All of the device’s digital records are saved, reviewed, and audited.
• What is the disaster plan? Offshore companies should have a disaster response plan in place in the event that a weather-related or other type of operational disaster or disruption occurs, says Fremer, who points out that it could be devastating if an offshore vendor isn’t prepared and the domestic company must temporarily bring the transcription back onshore.
For example, the offshore vendor should be able to demonstrate multiple Internet lines and routes in case one line is cut. Precyse’s Indian partner has both an east coast and west coast route. In addition, Precyse recently hired a second Indian vendor (located in a different geographic region) to serve as a backup for its primary vendor in the event that there are work fluctuations, weather complications, or connectivity disruptions.
Aside from weather-related disasters, there are also protests, political rallies, local festivals, and other events that affect daily life, says Shankar. Decipher’s Bangalore office is one of five branch locations that help diversify its manpower and ensure continuous workflow when challenges arise.
Nicholls says be sure to ask about national holidays in the offshore country, as those may affect workflow and productivity when offshore employees are not available.
The vendor should also be able to demonstrate that its Internet connection is stable, says Shankar. Many companies work on smaller bandwidths that may not connect with domestic virtual private networks, he says.
• How often is the offshore company audited? Precyse sends a representative twice per year to audit offshore vendors to ensure compliance and adherence to service-level agreements. In addition, to certify that standards are met, it conducts daily, weekly, and monthly service-level agreement verification and audits. It also requires daily audit information regarding turnaround time for each client, MT-specific audit results, volume of charts transcribed and whether there have been any fluctuations, and status updates regarding documented action plans for subpar turnaround time or quality.
Decipher India undergoes a quarterly HIPAA audit conducted by an individual who contracts with U.S.-based clients. The individual is typically certified as an information systems auditor through the Information Systems Audit and Control Association.
• What type of training do offshore MTs receive? Ask specifically about HIPAA training and insist on being provided copies of any and all training materials or tests, says Nicholls.
Training regarding English grammar, spelling, and comprehension is also important. Shankar says learning English is sometimes the biggest challenge for offshore MTs. At Decipher India, all employees receive HIPAA education and undergo an intensive four-month training that focuses on medical terminology and the English language. It’s not uncommon for medical doctors to serve as tutors for the training program, he adds.
Some vendors hire an English language specialist to assist with the language component of training as well, says Fremer.
Actual work experience is just as important as training, says Nicholls. “Many new graduates or those from abbreviated training programs may be great at clinic work but cannot handle acute care hospital work types,” she says.
• How will queries be handled? In light of language barriers and unclear dictation, queries are inevitable. Be sure to inquire about how the vendor will handle questions when they arise. Will offshore MTs ask the client directly or will they go through another intermediary vendor? Precyse offers standard dictation templates that MTs can use to reference certain words, but there is also a process in place for offshore MTs to flag accounts, says Fremer.
• What is the quality assurance process? Offshore vendors should have a process in place for MTs who don’t meet required accuracy rates. For example, MTs who fail to meet requirements should send their work through multiple levels of quality assurance until the rate is on par with what’s outlined in the contract, says Fremer. When quality audits reveal that an MT is not performing as required, there should be steps in place to provide additional training as needed.
• What is the turnaround time? Don’t let a vendor fool you into thinking that international work requires a longer turnaround time, says Fremer. Many vendors offer a 12- or 24-hour turnaround time on all international work. Precyse offers an eight-hour turnaround time, and hospitals should ask for the requirement that best suits their needs in terms of treating patients, meeting regulatory guidelines, and minimizing discharge-not-final-billed accounts, says Fremer. Because vendors provide turnaround times daily, Precyse keeps a close eye on when those times are not being met. The vendor has 24 hours to improve its performance before a joint action plan is initiated. If the vendor continues to lag in its turnaround time, financial penalties could be incurred.
It’s especially important to ask the vendor how it will handle instances in which the turnaround time needs to be immediate, says Fremer. “I know this has been a sore spot for some clients,” she adds. “They were working with international vendors and needed a job back immediately. It was a cumbersome process.” Identifying a workflow contact person helps alleviate the burden, particularly when the need for immediate return occurs during the middle of the night for the offshore vendor.
At Decipher India, there is a help desk manned 24 hours per day for this very purpose, says Shankar.
Also be sure to inquire about speech recognition because the technology can enhance international productivity by as much as 45% to 50%, according to Fremer.
• What is the coverage? Because healthcare is a business that runs 24 hours per day, seven days per week, it’s helpful to have around-the-clock coverage, says Fremer. Time zone differences often work to the advantage of domestic companies when outsourcing offshore because daytime in other countries, such as India, is nighttime in the United States. “Hospitals have a much more robust work pool in the evening hours to make sure that the work is turned around accurately and timely,” she notes.
— Lisa A. Eramo is a freelance writer and editor in Cranston, R.I., who specializes in HIM, medical coding, and healthcare regulatory topics.