Is Your Court Reporting Firm HIPAA Privacy and Security Compliant?

Is your court reporting firm HIPAA compliant?When I talk to anyone about HIPAA and court reporting, they say, “What? How can court reporters have anything to do with HIPAA rules? Well, read on.  Simply stated, if you’re a paralegal, attorney, legal assistant or legal administrator, you may want to make sure your court reporter is HIPAA compliant.

Will you state your full name and date of birth?

Can you describe your understanding of your current medical condition?

Will you provide your social security and drivers license number?

Those questions sound familiar, don’t they?  So now you understand why the law mandates that court reporters be completely HIPAA compliant. Let’s face it, as our culture has become increasingly tech-savvy, people are more aware than ever of their right to privacy —rights that extend to information shared in any type of legal proceeding. Those of us who hear testimony, or see written exhibits, have an ethical and legal obligation to protect the records and people we work with (directly or indirectly) on a daily basis.

Legal History of HIPAA and Court Reporting

On September 23, 2013, court reporters became legally required to comply with the HIPAA (Health Insurance Portability and Accountability Act) Privacy Regulations. At that time, our national association, NCRA, sent out a Memorandum from Mel Gates with Patton Boggs identifying court reporters as business associates who must comply with the rules and regulations passed by HIPAA and the HITECH (Health Information Technology for Economic and Clinical Health) Act.

As court reporters, we handle personally identifiable information (PII) almost daily when we hear testimony and mark exhibits in depositions. Very often, an entire patient file is marked as one exhibit in a doctor’s deposition. During discovery, it’s common for a plaintiff or defendant to be asked questions which elicit answers that clearly fall within the definition of personally identifiable information.

What is Personally Identifiable Information (PII)?

According to HIPAA, data is considered to be PII if it contains any of the following:

  • Full name
  • Date of birth
  • Login name, screen name, or handle
  • Race and gender
  • Grades, salary, job position
  • Home addresses
  • Email address
  • IP address (in some cases)
  • VIN number
  • Driver’s license number
  • Social Security Number(s)
  • Medical history
  • Criminal record
  • Any information which includes details of a personal nature

A great majority of the transcripts prepared and documents marked as exhibits to those transcripts contain PII as defined by HIPAA. Under that Act, legal professionals must comply with HIPAA whenever discovery consists of revealing and divulging personally identifiable information of their clients.  No longer is a signed Consent for Release of Medical Records enough.  Court reporters have been deemed to be business associates in the litigation discovery process due to their exposure to and handling of privileged and confidential client information.  Non-compliance can have civil and criminal ramifications for business associates who fail to comply fully with the new regulations.

According to HIPAA standards, court reporters are responsible for keeping PII in each case protected in a way that the witness can feel confident that their information is secure.

Work With a Court Reporter You Can Trust

Stevens-Koenig Reporting is completely HIPAA privacy and security compliant. Our office staff and professional team of reporters are fully compliant with all of the security requirements established by HIPAA and the HITECH Act.

Stevens-Koenig maintains the highest level of security to ensure the confidentiality of personal information and medical information at each of our facilities. We have an on-staff Security Compliance Officer who does company-wide risk assessments and has developed a comprehensive Policy and Procedures Manual.

Some of the safeguards currently in place include the following:

  • Policy & Procedure Manuals which have been distributed to and reviewed with all staff.
  • HIPAA-approved training course is required by all Stevens-Koenig staff. Each reporter carries a wallet-sized copy of their certificate with them at all times.
  • Exhibits are delivered to the office immediately after a deposition is over so there’s no risk of exposure to outside parties.
  • Scopists and proofreaders have been trained and tested in the proper maintenance of PII
  • Original exhibits are in a locked, secure room until they’re sealed with original deposition transcripts.
  • All transcripts, exhibits and videos are stored on secure servers.
  • Offsite storage is utilized only with HIPAA-compliant servers.
  • All servers, desktop and laptop computers have firewalls and anti-viral software.
  • Electronically delivered transcript files are sent via an encrypted, password protected site.
  • Our 24/7 Repository is a verified HIPAA-compliant site, and online access is fully protected.

Stevens-Koenig Reporting recognizes and appreciates the confidence you place in our firm every day during depositions. You can rest assured that all information is maintained in accordance with the highest standards.  After all, we believe that it’s our job to keep your clients’personal information confidential and secure.  It’s their right; it’s our responsibility. Period.

If you enjoyed this article, you may also like, 6 Ways to Improve Your Law Firm’s Litigation Efficiency with Stevens-Koenig Reporting.”