Join, Follow & Connect
Join Modern Healthcare's LinkedIn group Follow Modern Healthcare on Twitter Join Modern Healthcare's Facebook group Follow Modern Healthcare's Pinterest board Modern Healthcare's Flickr page Modern Healthcare's YouTube Channel Get a Modern Healthcare news feed

 
Comment Buy Reprints Print Article Share on LinkedIn Share on Facebook Share on Twitter Email this page to a colleague
Healthcare Business News
 


FTC reaches settlement with transcription service provider GMR


By Joseph Conn
Posted: February 3, 2014 - 12:15 pm ET
Tags:

The Federal Trade Commission has reached a settlement with a transcription service provider and its owners stemming from a complaint that it used inadequate data security measures and failed to prevent personal information such as drug and alcohol use and psychiatric evaluations from being posted to a public website.

The incident involved a “business associate” of a “covered entity,” a relationship that now is likely to trigger the more stringent privacy and security amendments to the Health Insurance Portability and Accountability Act contained in the American Recovery and Reinvestment Act of 2009 and enforceable by the Office for Civil Rights at HHS.

Advertisement | View Media Kit

 

The timing was off for OCR action on this complaint, however. The massive, 563-page omnibus privacy rule spelling out the new ARRA requirements wasn't released until Jan. 17. 2013, did not become effective until March 26, and was not enforceable until Sept. 23 last year, long after the breaches covered by the complaint occurred.

The complaint was filed against GMR Transcription Services, and individual owners and officers of the Tustin, Calif.-based company, GMR President Ajay Prasad and Vice President Shreekant Srivastava, alleging GMR made “false or misleading” representations about its data privacy and security policies, which “constitutes a deceptive act or practice” in violation of the Federal Trade Commission Act.

It alleges GMR hired contractors who downloaded audio files over the company's network, transcribed them and transmitted back via the network to the company. GMR would then make the transcriptions available to its customers either by direct transfer or by e-mail.

Between March and October 2011, the files prepared by Fedtrans, GMR's India-based service provider for medical transcriptions, “were indexed by a major internet search engine and were publicly available to anyone using the search engine,” according to the settlement document and a FTC news release.

Fedtrans assigned the work to “independent typists” to transcribe, the agreement said, but GMR failed to require Fedtrans by contract “to adopt and implement appropriate security measures” such as requiring that the files be securely stored and encrypted when transmitted and ensuring that only transcriptionists with adequate credentials were able to access the files.

Some of those exposed records included “notes from medical examinations of children and other highly sensitive medical information, such as information about psychiatric disorders, alcohol use, drug abuse and pregnancy loss.” In addition to hospitals and other healthcare providers, the company's customers include university students and faculty; “well known corporations,” including retailers, insurers, telecom and financial service providers and government agencies, the complaint said.

Neither GMR nor the two owners paid fines or monetary settlement amounts, but agreed to a number of steps to improve and verify their data security practices. Among these: agreeing to provide the FTC with an independent security assessment every two years for the life of the 20-year agreement.

The agreement was approved by a 4-0 vote of the commission and is subject to public comment through March 3, after which the commission will consider making the consent order final.

Follow Joseph Conn on Twitter: @MHJConn


What do you think?

Share your opinion. Send a letter to the Editor or Post a comment below.

Post a comment

Loading Comments Loading comments...

Search ModernHealthcare.com:


 

Switch to the new Modern Healthcare Daily News app

For the best experience of ModernHealthcare.com on your iPad, switch to the new Modern Healthcare app — it's optimized for your device but there is no need to download.