HIPAA should be important to attorneys and the court reporters, and there are essentially three areas HIPAA impacts the legal community as well as court reporting firms:
- Attorneys and court reporters receive and save on numerous devices patient medical as well as personnel information both physically and electronically
- Both law and court reporting firms are a heavy IT based industries utilizing mobile devices that hold electronic personal and health records as well as either owned or contracted cloud repositories for storing data
- Attorneys and court reporting firms work with contracted reporters, proofreaders, scopists and videographers who are often subcontractors which makes it difficult to enforce a firms security and privacy policies
The belief is that eventually both attorneys and court reporters will find themselves in the HIPAA cross hairs. Just to be clear there is not a direct correlation between the medical and legal industries yet, but the fact that both groups receive and retain medical records should make attorneys, reporters and anyone associated with the legal industry to sit up and take notice.
Most of the folks I’ve spoken to about HIPAA for court reporting feel we as an industry need to protect ourselves. If an individual or an organization is already involved in a lawsuit wouldn’t they be more apt to file other lawsuits if they felt wronged in some way? Though I agree that once someone decides to seek legal representation or are convicted of a crime the legal industry must operate as it always has by sharing and disseminating information relevant to the case. That being said if an undisclosed breach occurs or if information not germane to case is released aren’t the parties, whether attorney, reporter, videographer, scopist or proofreader, still accountable under HIPAA’s umbrella?
Some may feel and/or justify the court reporting industry is not responsible under HIPAA’s guidelines and therefore absolved of any accountability if there is a breach. That is for each business owner and contractor to determine based on their level of comfort and understanding. Basically, it comes down to determining who is employing or paying the court reporter(s) and if the attorney is a business associate to the covered entity.
In my estimation, there are situations where the law or court reporting firm or reporter might not have to comply with HIPAA requirements and situations where they have to comply. In the great scheme of things wouldn’t it be less complicated from a business perspective to have one process for handling PHI so as to not confuse what to secure and what to keep private?