Privacy Laws and Your Medical Translation Project

Your medical translation project will need to comply with many standards simultaneously. For example, to comply with the Joint Commission Standards and Healthcare Compliance Law, your organization must be able to communicate with a Limited English Proficient speaker in his or her own language. However, the Health Insurance Portability and Accountability Act (HIPAA) prohibits the unauthorized sharing of medical records and personally identifiable information without patient consent. As a result of these two policies, your hospital or health insurance organization needs a Language Services Provider (LSP) that values privacy and clarity equally. Here are some common questions and concerns about HIPAA and medical translation, along with ways you can help your organization navigate them.


How does the law view the role of translators under HIPAA?

Because they are not employed by the organization using their services, translators are considered business associates under HIPAA legislation. Patient information should only be shared with a business associate for a specific purpose as stated in a business contract between a provider and hospital or clinic.


What measures should your LSP undertake to ensure you’re in HIPAA compliance?

To fully comply with HIPAA regulations, your LSP should incorporate the following:

  • Secure connections: Documents are transmitted only through a secure HTTPS connection
  • Data encryption: All documents are automatically encrypted
  • Professional translators have signed a Business Associate and Non-Disclosure Agreement.
  • Translators are reputable members of professional organizations, such as the American Translators Association, that have and enforce a strict Code of Professional Conduct and Business Practices
  • Open process, reviewed by client representatives
  • An active policy and process for backing up data and emergency contingency planning
  • Transparent security policies: Your LSP should be open to conducting audits with your organization to improve compliance.

What Protected Health Information (PHI) must be protected when working with an LSP?

Under HIPAA, PHI is information that identifies an individual and relates to the following:

  • The individual’s past, present, or future physical or mental health
  • The provision of healthcare to the individual
  • The past, present, or future payment for health care
  • The patient’s personally identifiable information (PII), including Social Security number, date of birth, policy number, member number and address

This patient information is often shared during the delivery of translation services and should be handled carefully by vendors for a covered health care entity.


What documents or assessments should our health care organization take into account before choosing an LSP?

Before hiring an LSP, your organization should:

  • Assess the vendor’s privacy risk
  • Conduct a privacy impact assessment of any vendor or contractor that provides language access services
  • Create guidelines regarding who will have access to what information as part of the vendor agreement
  • Sign contracts outlining the business relationship between the healthcare organization and the vendor
  • Set terms to ensure that vendors meet regulatory compliance guidelines


What kind of training should your LSP undergo to ensure HIPAA knowledge and compliance?

Your LSP should show that its staff members are trained in HIPAA compliance, including how to manage sensitive information, recognize PHI and protect the privacy of your patients.

The most important step your organization can take to ensure HIPAA compliance and clear communication is to hire a professional translation company with experience in the healthcare field. Make sure to assess potential vendors carefully and continually monitor their adherence to the laws.


Alphabet Soup Glossary

Complying with HIPAA laws can require knowing a lot of acronyms. Here are some key terms to know:

HIPAA: Stands for the Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other healthcare providers.

LSP: Stands for Language Service Provider, a more current, commonly used term for a company or partner that provides a broad range of translation or linguistic services.

PHI: Stands for Protected Health Information, which is individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral.

EPHI: Stands for Electronic Protected Health Information, which is any protected health information (PHI) that is covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security regulations and is produced, saved, transferred or received in an electronic form.

PII: Stands for Personally Identifiable Information. HIPAA uses the term Protected Health Information (PHI) to refer to protected data, but the concept is very similar to the term Personally Identifiable Information (PII), which is used in other compliance regimes.

BAA: Stands for a Business Associate Agreement, which is a contract between a HIPAA-covered entity and a HIPAA business associate (BA). The contract protects personal health information (PHI) in accordance with HIPAA guidelines.

NDA: Stands for Non-Disclosure Agreement.

At Avantpage, our experienced team can help guide you through the translation process and make it fast and easy. To find out more about our services, call us at 530-750-2040 x11, or request a free quote.