ULG's Language Services Blog

Securing Patient Data: What Your Language Provider Should Know About HIPAA

While HIPAA compliance might complicate your life, the goal of the regulation is really the same as yours: protecting patients. You’re looking out for their physical well-being, while HIPAA is safeguarding their private information.

Medical professionals worked hard to protect patient information long before HIPAA was passed into law in 1996. However, faced with rapidly changing technology and a confusing patchwork of state and federal privacy laws, Congress decided the industry needed standardized rules and stronger safeguards.

By 2018, you’re probably well versed in HIPAA laws and best practices for compliance. But beyond your own office, healthcare organizations also have a responsibility to choose vendors that are HIPAA compliant. If you’re working with an outside firm that might encounter any sensitive patient data, it’s your job to make sure they not only understand HIPAA laws but strictly adhere to them.

Language Providers and HIPAA Compliance

Language Solutions Providers (LSPs) are important to the healthcare industry. They’re used to communicate with Limited English Proficient (LEP) patients, as well as those with hearing loss. They translate important documents and, when needed, provide live interpreters.

Due to the nature of the work, LSPs constantly come in contact with private patient information that is protected under HIPAA regulations, including billing records, medical history, account numbers and demographic information. So it’s crucial to make sure LSPs you’re considering are HIPAA compliant before you hire them.

Using a language provider that is HIPAA compliant goes beyond just good policy. It’s the law. Under the Omnibus Rule, healthcare providers are responsible for making sure that all vendors and contractors who handle protected health information (PHI) have taken all the required steps to comply with HIPAA. Failure to do so can mean serious fines and penalties — for you, not the vendor. Some organizations have learned the hard way by facing millions of dollars in HIPAA violation fines.

How to Evaluate LSPs for HIPAA Compliance

Any language provider can claim to be HIPAA compliant. So how do you know the vendor is actually safeguarding your private patient information and closely following federal rules and regulations? Here are some questions to ask:

  • Do staff members go through HIPAA training? Who administers the training, and are employees tested on the material after training is complete? Both government and private organizations offer HIPAA training.
  • Is the vendor HIPAA certified? Many private companies offer HIPAA certification for business associates of healthcare providers. Going the extra mile to earn this type of certification is a good indication that the LSP is serious about data protection and compliance.
  • Are internal audits conducted? Any HIPAA-compliant vendor should conduct regular audits to make sure staff members are following rules and regulations. Staff members who fall short should be retrained, reprimanded or terminated.
  • Is the company certified as compliant with ISO standards? ISO created a variety of universally recognized standards that ensure vendors meet certain quality and operational standards. Pay particular attention to whether the company is certified for ISO 27001:2013 standards for information security management.
  • How are employees and subcontractors screened? What qualifications are required? Must they have prior experience with medical translations? Have they previously worked under HIPAA regulations? Are they required to sign Non-Disclosure Agreements (NDAs) before translating sensitive data?

Worth Taking The Extra Time

This may sound like a lot of information to weed through before hiring a vendor, but thoroughly vetting your LSP protects not only your patients but your own organization’s finances and reputation.

It’s worth taking the extra time to make sure protecting patient data is as important to the vendor as it is to you.