Businesses, medical providers, attorneys, and law enforcement agencies often rely on transcription service providers to convert audio and video files into written documents.
Unfortunately, some providers don’t protect client data properly.
Many files sent to transcription companies often contain sensitive information that hackers may acquire on the deep web and sell through the dark web. Personal medical records, criminal cases involving minors, legal cases that are about confidential information, and corporate financial data are a few examples.
This article provides valuable tips on how you can avoid transcription service fraud in regards to the security of your audio and video files that require a secure transcription service.
To gain insight into safeguarding files submitted to a transcription service, let’s explore several security features and their importance. We’ll also examine a transcription service fined by a U.S. Federal Agency, the FTC (Federal Trade Commission), for violating client security protocols.
Reputable Transcription Companies Secure Client Data
The best place to start is by understanding essential transcription security protocols for transcribing any file. Reputable transcription services always provide multiple security features and make sure that every audio file transcribed remains secure from the time it’s uploaded to a website until the written format is delivered to the end user.
Unscrupulous hackers worldwide specialize in stealing sensitive information from both individuals to large companies and government agencies.
Detecting fraudulent activity can be challenging, with even the most astute security specialists duped by cybercriminals. Almost weekly reports surface where a company, educational institution, or medical facility faces a ransom request from hackers.
According to Security Magazine, 2,690 ransomware attacks were reported to authorities, an increase of almost 93% compared to the previous year.
A recent ransomware attack targeted CommonSpirit Health, the second largest nonprofit healthcare system in the U.S. With 1,000 facilities that serve over 20 million patients, the attack delayed surgeries. The mother of one patient was informed by a physician that her son received five times the prescribed pain medicine dosage.
While details of the attacked aren’t known at the time of this writing, officials are trying to determine if electronic health records were exposed.
However, transcription companies can easily incorporate several security precautions to safeguard client data.
Most clients submit their audio and video files through a transcription service’s website. Before submitting files to any transcription service provider, you should complete a basic company search. Key features to look for include:
In August 2014, the FTC filed a three-count complaint against transcription provider GMR Transcription Services, Inc. for “unfair and deceptive acts.” The agency document also named the company’s president and vice president.
One of the more severe allegations involved GMR assigning all of their medical-related transcriptions to another transcription company based in India.
While the company’s website proclaimed that it protected confidential and sensitive files, the FTC determined that GMR and its foreign-based affiliate companies did not adhere to numerous security protocols.
Addressing one of the three FTC counts, the complaint stated:
“In truth and in fact, as described in Paragraphs 11-14, respondents did not implement reasonable and appropriate security measures to prevent unauthorized access to personal information in audio and transcript files. Therefore, the representation set forth in Paragraph 17 was false or misleading and constitutes a deceptive act or practice.”
In a unanimous, 5-0 decision, the FTC approved and issued a final order stating that for a 20-year period, GMR and its executives are prohibited from the following:
“…misrepresenting the extent to which they maintain the privacy and security of consumers’ personal information.
“… the agency alleged that GMR’s data security practices were inadequate and resulted in transcriptions of audio files provided by GMR’s customers being indexed by a major search engine and made publicly available to anyone using the search engine.
GMR also must establish a comprehensive information security program that will protect consumers’ sensitive personal information, including information the company provided to independent service providers. The company must have the program evaluated both initially and every two years by a certified third party.”
The first step is ensuring that high-level security protocols protect client data when uploaded to the transcription services website.
Whether you use peer-to-peer (P2P), a cloud service, or file transfer protocol (FTP), incorporate a two-factor authentication process as an added layer of protection. Other precautions include:
Transcription Companies working with medical clients must adhere to stringent guidelines outlined in the Health Insurance Portability and Accountability Act (HIPAA). As discussed above, the FTC complaint against GMR originated when the company contracted with a foreign transcription service, resulting in leaked data.
The Criminal Justice Information Services (CJIS) is the largest division of the Federal Bureau of Investigation (FBI). The division manages the bureau’s centralized criminal justice database and is accessed by federal, state, and local law enforcement agencies.
CJIS requires that any organization or company (including transcription services) working with law enforcement agencies that handle confidential data maintain and follow strict security policies to keep criminal records from getting into the wrong hands.
Note: Companies using foreign or non-U.S.-based transcriptionists do not adhere to HIPAA and CJIS compliance standards.
Cybersecurity can be complex. However, by following the basic tenets discussed above, unauthorized users will have difficulty gaining access to your sensitive information.
If you are a U.S.-based entity, always use a reputable U.S.-based company. Begin by researching transcription providers with a proven track record in your industry. A little research goes a long way in protecting your data.
Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide.…
California-based Ring LLC endangered its customers’ privacy by allowing any employee or contractor to see…
Gigabyte systems have been identified by the Eclypsium platform for exhibiting suspicious backdoor-like behavior. This…
The third Beta version of Security Onion 2.4 is made available by Security Onion Solutions.…
The Leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle…
Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their…