In July 2011 the Defense Department of the United States lost approximately 24,000 sensitive Pentagon files in a large-scale cyber attack.  If you know anything about the U.S. Department of Defense (DoD), you know that it is arguably one of the highest-priority sectors of the American government.  You know that a very large amount of money—more than 500 billion dollars per year, actually—is spent on maintaining this arm of the nation.  So how does it make sense that such a high-priority and well-funded organization could lose such sensitive files to cyber hackers?  Shouldn’t the Department of Defense have some of the most advanced and up-to-date security systems, systems that you’d expect to be impervious to outside threats?  And for that matter, how in the world does this apply to medical transcription?

The “Internet” first started as a means for governments and universities to store, protect, and share sensitive information like patents and research.  In a short period of time, however, cyberspace rapidly evolved into a strange parallel world full of websites and marketing and personal computing that forever changed the world.  The mass proliferation of the Internet put pressure on certain sectors of business, especially the health care industry.

This pressure very likely prompted Title II of the Health Insurance Portability and Accountability Act (HIPAA), which demanded the creation of national standards for—among other things—the electronic transfer of medical information.  Medical transcriptionists are today’s manifestation of “health insurance portability,” as they are directly involved in the review and transfer of medical history reports, patient discharge summaries, and other extremely sensitive health-related information.  Today, many hospitals and medical offices in the United States are increasingly outsourcing medical transcription services because of the convenience of information transfer on the Internet.

Can you see the potential problem here?  Can you see how the transfer of information about your last physical exam over the Internet, to a different country, is not a good thing?  If the United States Government’s premiere security branch has been breached so many times in the past, who’s to say that your medical records aren’t next?  Who is to say that a HIPAA-compliant medical transcription company overseas is completely safe from cyber attacks?

Information security continues to evolve—but as it does, so too do the tactics and intentions of hackers.  Whether you are a student, a professional medical transcriptionist, or a patient interested in the security of your health-related information, the following reading is pivotal to a holistic understanding of the healthcare industry’s growing security needs.

Medical Transcription Outsourcing and Security: Academic Reading

• Offshoring of healthcare services:  the case of US-India trade in medical transcription services discusses trends and provides information about outsourcing.
• Medical Transcription in India is an academic paper that highlights issues and trends in the outsourced transcription model.
• Global Outsourcing of Services:  Issues and Implications, by Ramkishen Rajan and Sadhana Srivastava, a small paper written for the Harvard Asia Pacific Review, offers a different perspective on medical coding and transcription outsourcing.
• An Analysis of The Means and Motivations of Selected Nation States discusses medical transcription outsourcing statistics and industry standards.  Presented by Dartmouth’s Institute For Security Technology Studies.
• Your Medical Record Rights in New Jersey is an exhaustive document relevant to medical transcriptionists everywhere.  It describes issues regarding the flow of medical records, highlighting universal issues that span across the states.

Case Studies and Academic Reading on Medical Information Security

• Managing Information Privacy & Security in Healthcare is a case study by Dr. Noam H. Artz of the immunization information systems at the University of Pennsylvania. 
• The 2011 Personal Health Information Security Trends Survey displays the results of some key healthcare findings related to opinions on the security of health records.
• Managing Information Security And Privacy In Healthcare Data Mining is solid treatise by Ted Cooper and Jeff Collman, who represent Stanford and Georgetown Universities, respectively.
• Case Study in Implementing Security for HIPAA Privacy Compliance by the SANS Institute discusses some of the complexities at the intersection of HIPAA law and information security.
• Information security and privacy in healthcare:  current state of research by Ajit Appari and M. Eric Johnson of Dartmouth College explores the growing needs of better security in healthcare data management.
• Information Security in a Heterogeneous Healthcare Domain, by Rose-Mharie Ahlfeldt of the University of Skovde in Sweden, discusses the unbroken care-chain evolution in healthcare and the information vulnerabilities that arise from it.
• Security and Privacy Issues with Health Care Information Technology, by Marci Meingast, Tanya Roosta, and Shankar Sastry from UC Berkley’s Department of Electrical Engineering and Computer Sciences, offers a technical perspective.
• Impact Case Studies and Knowledge Transfer Case Studies is a portfolio by the U.S. Department of Health and Human Service’s Agency for Healthcare Research and Quality.  It has numerous case studies related to health information technology advancement.
• Patient’s Perception of Health Information Security by Tibebe Beshah and Dawn Medlin, discusses information security from the perspective of the patient.
• Information technology in health care is full of unique visuals and nice graphics that detail trends in the industry.
• Evolution of State Health Information Exchange is The Agency of Healthcare Research and Quality’s “…study of vision, strategy, and process.” It provides a lot of useful insight.
• Security and Privacy:  Clinical Case Studies, by Neal Sikka, M.D., of The George Washington School of Medicine, is a unique look at HIPAA, health care, and cyber security.
• Information Security Policies and Governance to Safeguard Protected Health Information is a thesis by Christi Noyes.  It is thorough and ties the issue of health-info security to the political landscape.