How to maintain HIPAA compliance with LEP patients

Lindsay Lawson

Despite many years working under the Health Insurance Portability & Accountability Act, better known as HIPAA, confidential patient information remains vulnerable to data breaches. So how can you improve your organization’s data security and HIPAA compliance?

Why does HIPAA compliance matter?

In 2021, the US Department of Health and Human Services (HHS) found that every 10 seconds, 14 US citizens’ PHI (private health information) is compromised. This means almost 45 million patients’ data is stolen each year through data hacking or unauthorized healthcare provider disclosure.

The US Department of Health and Human Services’ Office for Civil Rights (OCR) broadened HIPAA enforcement over the last five years, including increasing fines and penalties. The financial consequences of violating HIPAA depend on the level of negligence. If a breach has occurred, the number of health records potentially exposed by the breach and the risk posed by the unauthorized disclosure determine the severity of the violation. Fines include:

| HIPAA Violation | Fine |
| --- | --- |
| Attributable to ignorance | $137 – $34,464 |
| Occurred despite reasonable vigilance | $1,379 – $68,928 |
| Willful neglect which is corrected within 30 days | $13,785 – $68,928 |
| Willful neglect not corrected within 30 days | $68,928 – $2,067,813 per violation category, per year |

(HIPAA Journal)

How can healthcare organizations improve HIPAA compliance?

Even if you have HIPAA training and protocols in place, language barriers often introduce additional challenges and processes for your team to follow, stealing focus away from protecting patient data. Limited-English proficient (LEP) patients deserve the same information security as your English-speaking patients. Here are a few ways you can better support your LEP patients and maintain HIPAA compliance:

Choose an LSP with strong information security management

How does your language services provider (LSP) safeguard private information? CyraCom proved via a third-party audit that we preserve information privacy and security through a risk management process. CyraCom was the first US-based language services provider to obtain an ISO 27001 Information Security Management certification.

Work with trained, qualified interpreters

Many LSPs primarily rely on self-employed, independently contracted interpreters who legally cannot be trained. In contrast, CyraCom’s employee interpreter model allows us to provide training and ongoing professional development opportunities. Our trained employee interpreters:

  • Discard call notes: Our interpreters use whiteboards to take notes and immediately erase them once the interpretation session has concluded.
  • Never discuss call information with unauthorized parties: Other than coaching sessions, CyraCom interpreters must never discuss call details once the interpretation session has concluded.
  • Maintain privacy during VRI calls: Video interpretation stations within our large-scale contact centers were constructed to protect participants’ privacy, including angling monitors away from walkways so anyone passing by can’t see anything on-screen.

Avoid free machine translation platforms

While it may be tempting to use free machine translation (MT) platforms to save time, public MT portals can lead to unintentional data leaks and privacy risks. Terms of use agreements may entitle the machine translation provider to store, modify, reproduce, and distribute submitted content, all violating HIPAA’s patient protections.

Did you know CyraCom offers fast, free quotes for translation projects? Email our experts at translation@cyracom.com to request your quote today.

CyraCom can help you protect your patients’ PHI.

Contact our team at getstarted@cyracom.com today to ask questions or set up a zero-risk consultation.
