Choosing a HIPAA Compliant Medical Answering Service
The Health Insurance Portability and Accountability Act has revolutionized the way health information is handled by not only the healthcare industry, but its associated service providers as well. Here are some facts to keep in mind when you are choosing a HIPAA compliant medical answering service for your healthcare practice.
The Way Electronic Protected Health Information Is Handled Is Crucial for Compliance
Correct handling of electronic protected health information (ePHI) in accordance with HIPAA requirements is of utmost importance. The update to HIPAA in 2013 declared that all service providers for the medical industry must comply with the same privacy and security rules as healthcare providers. This means that when a call center takes messages, the messages need to be protected as if they were being stored and delivered by the medical office itself. Whether the information is accessed from a desktop, a mobile device, or a PC, it needs to be protected when it is stored in a database, transferred, or emailed.
You Need to Ensure Your Medical Answering Service Has All Applicable Safeguards in Place
The HIPAA Journal has published a handy HIPAA compliance checklist that explains all of the safeguards that need to be in place for compliance. Necessary technical safeguards for ePHI are encryption of data in transit, an authentication method to check whether ePHI has been modified in any way, access to information restricted to verified users with a password and PIN code, and automatic system logoff when there is inactivity at a terminal or device. Another technological compliance safeguard for call centers is a message lifespan feature that limits the amount of time a message stays on a provider's or associate's electronic device, to help prevent the information from being seen by an unauthorized user.
Physical safeguards that medical answering services need to follow include protecting the physical area where information is stored, including servers and computer terminals. This could mean restricting access to certain rooms or building areas to authorized personnel only. Administratively, a program to assess and manage risk needs to be in place, which should include an ongoing training program for staff regarding HIPAA compliance. A reporting protocol and contingency plans for a security breach must be in place as well.
- Fully adopt privacy procedures, thoroughly training employees on an ongoing basis.
- Inform callers how their personal data will be used in the context of the phone call.
- Keep patient information secure by restricting access and using encryption.
- Continue to monitor call center performance to make sure it is HIPAA compliant.
Secure Messaging Systems Can Be Incredibly Communicative and Collaborative
The digital magazine Physicians Practice states that regular SMS text messaging is not HIPAA compliant and that physicians need to stop using it so they do not get into trouble. It notes that one way to increase messaging security with mobile devices is to install encryption software on all healthcare providers' smartphones.
Another suggestion is the sound practice of routing all communications through a secured network where only authorized users can access information and attachments of images and data. The secured network can also be a space for collaborative small group discussions with other providers.
While advancements in technology have given the healthcare industry greater connectivity with regard to sharing information between providers and patients, they have also come with an added responsibility to preserve patient confidentiality while continuing a high level of customer service. As an extension of your business, your medical answering service needs to have the tools and knowledge to truly be a partner in complying with HIPAA regulations.