5 Ways You Can Tell That Your Physician's Answering Service Isn't HIPAA Compliant

Posted by Gerardo Espinosa on Dec 6, 2017 5:47:00 PM

If your business is in the healthcare industry and you use a call center to answer your phones, you'll need to exercise caution. As you know, all medical businesses in this country have strict requirements under HIPAA that are meant to protect a patient's rights and privacy. These regulations also apply to services that your company uses, such as a medical answering service. Failure to comply could put your business in jeopardy. Here are just five ways that you can tell if your physician's answering service isn't HIPAA compliant.

HIPAA compliance is an important component of a medical answering service

1. Claims of Being "HIPAA-Certified"

A medical answering service might claim that it is "HIPAA-Certified," but these could be just empty words. In truth, there is no official HIPAA certification that gives a company the green light to claim HIPAA compliance. A company acting on your behalf must have the right technology and programs in place to be truly compliant with all applicable laws.

2. Sending Unencrypted Text Messages

Communicating by text message is popular, but it's not a secure method of sending patient health information (PHI). Standard text messages are not encrypted, so a medical answering service that submits PHI via unencrypted text isn't HIPAA compliant. The only way to submit PHI and be in compliance with privacy laws is to use a secure text messaging app.

3. No HIPAA Training Program in Place 

A large part of being HIPAA compliant is having the right training and guidelines in place for a business and its employees. If a physician answering service can't produce a copy of their HIPAA program or tell you about their extensive training program, there's a good chance that they aren't fully compliant.


4. Sending Unencrypted Emails

If your physician's answering service sends emails about patient calls, those messages must be encrypted. If they aren't, you are not complying with HIPAA rules. Emails are vulnerable to a variety of threats, so all messages must have TLS encryption enabled to be fully HIPAA compliant. Another option is to use S/MIME secure email to protect your and your patients' privacy.

5. Using Unsecured Paging

A medical answering service that uses text or alpha paging is not HIPAA compliant for several reasons. The first is that data transmitted in this way isn't encrypted. Also, pagers that receive these messages aren't password protected, so privacy can be compromised. If pagers are used, they must be HIPAA-compliant pagers, or the company should avoid transmitting any sensitive patient health data.

HIPAA compliance is something to take seriously with your choice of physician answering service. The penalties for a HIPAA violation can range anywhere from $100 for an innocent mistake to $50,000 for a case of uncorrected willful neglect. Failure to comply with HIPAA can even result in criminal penalties if the Department of Justice becomes involved in the matter. Because of these potential issues, it's more important than ever to only hire a medical answering service that is 100% HIPAA compliant. Contact Answering365 now to learn about how our HIPAA-compliant physician's answering services can help your business or start a free trial.
