PJ&A recognizes the importance of information security. Comprehensive policies and procedures are used to ensure that all access to patient data is restricted. HIPAA compliance requires an enterprise to implement, maintain and review a variety of controls. The PJ&A platform enables HIPAA compliance through advanced technology for dictation, transcription and patient data accessibility. Access to all Protected Health Information (PHI) is governed by the following fundamental principles:
- Each system user must be identified by name and password
- All access to PHI must be limited to authorized users
- All access to PHI must be audited; this includes: Listening, Transcribing, Editing, Viewing, Printing, Faxing, Physician Electronic Signing and Electronic Download
- All transmissions of PHI must be encrypted
These principles are implemented using a layered approach. Employees are required to attend annual training which reference the policies and procedures to follow when accessing PHI. All electronic systems audit each event which accesses PHI. This audit can be reviewed and monitored to verify that users are assigned the least authority necessary to perform their job. All systems encrypt all PHI during transmission.