01. What caused the California incident?
A large hospital in California outsourced its medical transcription work to an external agency. From this agency, the work was subcontracted to various companies and was finally sent to a home-based medical transcriptionist in Pakistan. When this medical transcriptionist was not paid her dues, she threatened to publish all the patient data that she had on the internet.

02. How was the issue settled?
The issue was finally settled when one of the subcontractors in the long chain agreed to pay the medical transcriptionist her dues.

03. Was the medical transcriptionist’s threat real?
While we cannot really comment upon whether the medical transcriptionist really intended to publish the information that she had, what is indisputable is that she would definitely have had patient information with her.

04. What can we do to prevent such incidents?
The knee-jerk reaction to such an incident is to stop outsourcing. However, given the constraints under which healthcare service providers are currently operating, that is not a feasible solution.

Prevention of such incidents would only happen by choosing the right outsourcing partner. One who would ensure that quality work is done, and more importantly, also ensure that security and privacy are not compromised upon.

05. What is TransDyne's security policy?
TransDyne's security policy is designed to take care of the end-to-end security needs of its clients. At TransDyne, we look at security from various dimensions and ensure that we take suitable measures.

A::Designed for security & privacy. All our medical transcription related software applications are built in-house. During the design stage itself, we ensure that our applications conform to all the security & privacy standards, including but not limited to HIPAA standards.

B::Database based systems. At TransDyne, each voice dictation or transcribed document is considered an element of a database. By doing this, we tap the large knowledge base available in securing databases. Most other applications only use base operating system security, if any.

C::Data encryption. 128-bit encryption for all data transmission and secure socket layer connections for all intranet and internet accesses is the default standard used at TransDyne.

D::Firewalls. We deploy firewalls to ensure no unauthorized entry into the network.

E::Multi-tiered application architecture. Our multi-tiered architecture ensures that even in the unlikely event of unauthorized access to the network, access to databases is only possible after multiple authentications at various tiers.

F::Sterilized e-mail server. Sterilized e-mail servers and e-mail user base to ensure that except our clients and our customer support team, there is no other activity on the corporate e-mail servers.

G::Limited access. Our in-house medical transcription software doesn’t allow access to more than one dictation or one document at any point of time.

H::Denial of access & multi-modal alerts. Any suspicious activity on the network or at a particular workstation immediately triggers off a ‘denial-of-access’ procedure and also alerts our administrators through various modes including workstation alerts, alerts on mobile phones, and intranet alerts.

Our system is sensitive to the degree that a mouse click on the wrong folder would be marked in the security log. Such measures help us understand and predict user-behavior.

A:: Company-owned & managed facilities. All our medical transcription and customer support is done out of just two facilities. And both are 100% owned and managed by us. No external contractors; no home-based medical transcription.

B:: Manned security. At our medical transcription facility, where all our medical transcription is done, we employ manned security personnel at the single entry/exit point to make sure there is no unauthorized entry and exit.

C:: Video surveillance. Our medical transcription facilities are continuously under video surveillance to ensure that any suspicious activity is immediately noticed. The surveillance data is also archived to make sure we have access to past data too.

D:: No removable media. At none of our facilities do we deploy removable media for open use as removable media has often been the bane of many corporate computer systems.

Security features on the People & Processes dimension are as important as the other two.

A:: No sub-contractors. At TransDyne, we have always believed in doing all of our medical transcription in-house. We do not further outsource work to sub-contractors nor do we use home-based medical transcriptionists. This ensures that we are in control of the end-to-end movement of data and entire process from dictation to medical transcription.

B:: Security routine. All our applications and processes have in-built security routines to ensure that password changes, access audits and related exercises are done periodically. This helps us ensure user-level, user-defined security.

C:: Joint access. Most of our databases and other confidential information can only be accessed through the combination of passwords of atleast two individuals. Such measures help us in a phenomenal reduction of the probability of an internal security breach.

D:: Restricted internet and e-mail access. Unrestricted access to the internet can be an important security breach. We limit access to a handful of pre-defined sites through a proxy server. The proxy server restricts access only to these sites, and further ensures that no data uploads are permitted.

We also limit access to the corporate e-mail on a strictly per-needs basis. 98% of our employees do not have access to the corporate e-mail and for those who have this access, external e-mails can only be sent to permitted recipients.

E:: Legal declarations. Each of our employees is required to sign the declarations and documents as per HIPAA requirements. These legal documents are an important safeguard to ensure compliance with the privacy and data security norms that TransDyne insists upon.

F:: Security audits. We have an audit done on all our security procedures at least once every three months. Apart from that, we have a fortnightly audit to check for virus updates, patches and other related areas.

G:: Credential & background check. TransDyne uses the services of professional agencies to carry out a check on the credentials, earlier employment record of every employee before the individual commences employment.

At TransDyne, we spare no effort to ensure that patient data is secure. Our security policy and our security features are just another reason why we have become the preferred medical transcription service provider for a growing number of clients.