Choosing a HIPAA-compliant medical answering service

Peyton Duplechien • 08 May 2019 • 4 min read

The Health Insurance Portability and Accountability Act has revolutionized the way health information is handled across the US. Not just in the healthcare industry, but with its associated service providers as well.

Of course, with these new regulations in place, that makes it even more important than ever for you to stay HIPAA compliant when discussing or handling your client’s medical details. After all, if you fail to meet the standards required, you could face penalties and fines up to a value of $50,000 per violation!

Fortunately, you don’t have to spend additional time and money training your staff to meet these demands. Instead, you can make use of the skills of a professional and experienced live answering service to do it for you.

If this sounds good to you, keep reading to learn more about what to keep in mind when picking a live answering service for your healthcare practice.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act and is designed to ensure the protection and safety of medical and patient data to avoid accidental disclosure.

But HIPAA Is not something you simply opt for. As the CDC states, “HIPAA is a federal law that created a national standard to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”

In short, this is a law designed to protect your patients from people who would like to use their information for less than reputable reasons. And because it is federal, it applies to all states, regardless of internal laws.

Picking a HIPAA-compliant answering service

So, given the fact that HIPAA regulations are a legal requirement to follow when handling medical data, how do you make sure any answering service you hire is able to meet the standards required?

Well, don’t worry, we have you covered! Below are the key areas to keep an eye on when choosing an answering service:

1. Do they understand HIPAA compliance?

With the new legislation updates now firmly in place, conducting electronic protected health information (ePHI) handling in accordance with HIPAA requirements is now of utmost importance – which is why you need to be sure that any answering service you hire has a firm understanding of this.

The update to HIPAA in 2013 declared that all service providers for the medical industry must comply with the same privacy and security rules as healthcare providers. This means that, when a call center takes messages, the messages need to be protected as if they were being stored and delivered by the medical office itself.

In other words, It doesn’t matter where or how information is accessed, it must be protected properly to ensure it cannot be accessed by external third parties. So, if this is not something a medical answering service can provide, it’s best to avoid them in favor of another.

2. Do they have the necessary HIPAA safeguards in place?

Much like staying secure, the HIPAA Journal has published a handy HIPAA compliance checklist that explains all of the safeguards that need to be in place If an answering service wishes to operate in this field.

For example, there are many essential technical safeguards that need to be accounted for, such as:

  1. The encryption of data in transit
  2. An authentication method to check if the ePHI has been modified in any way
  3. Secure access to information that is restricted for verified users with a password and PIN code
  4. An automatic system logoff when there is inactivity at a terminal or device
  5. A message lifespan feature that will limit the amount of time a message is on a provider or associate’s electronic device in order to deter information from being seen by an unauthorized user

Of course, the level of protection required goes beyond digital elements. Your chosen answering service will also need to be aware of the physical safeguards that need to be put in place. These include:

  1. Protecting the physical area where information is stored, including servers and computer terminals
  2. Restricting access to certain rooms or building areas to authorized personnel only
  3. Setting up training courses to assess and manage risk around handling data
  4. Establishing a reporting protocol and contingency plans to handle any potential security breaches

The bottom line is that you want a HIPAA-compliant medical answering service that adheres to these HIPAA best practices, regardless of whether they record calls by transcription, message taking, or voicemail. They must:

  1. Adopt all privacy procedures required
  2. Thoroughly train employees in HIPAA regulations on an ongoing basis
  3. Inform callers how their personal data will be used in the context of the phone call
  4. Keep patient information secure by restricting access and encryption
  5. Continue to monitor call center performance to make sure it remains under the umbrella of a HIPAA answering service

3. Do they use secure messaging systems

Finally, when considering who to use as your live answering service, you want to be sure that they make use of secure messaging systems across their business. For example, the digital magazine, Physicians Practice, points out that regular SMS text messaging is not HIPAA compliant and should not be used to communicate medical data.

Instead, you should check that your chosen service routes all of their communications through a secured network where only authorized users can access information and attachments of images and data.

In most cases, this will mean making use of encrypted email or database services so that information can be shared quickly and efficiently with your new call team without breaching patient confidentiality.

Stay HIPAA-compliant with VoiceNation

So, now you know what to look out for if you want to hire a HIPAA-compliant answering team, but that doesn’t mean you have to start the long and careful search for one in the near future. Instead, why not team up with VoiceNation today?

Our team of expertly trained, HIPAA-compliant Virtual Receptionists are ready and willing to meet the demands of your medical business. Get in touch today to learn more about just what we can offer!