Owning or managing a physician's office or other healthcare service requires long hours and a strong commitment to patient care. While it's an excellent idea to enlist the services of a medical answering service, it's important to understand that not all services are the same. In fact, choosing the wrong service could get your business in trouble if your patients' privacy and rights aren't protected according to federal law. Here is why a medical answering service must be 100% HIPAA-compliant.
What is HIPAA?
HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed in 1996. The Act is meant to make it easier for people to keep their health insurance, assist with administrative cost control in the healthcare industry, and protect the security and confidentiality of a patient's healthcare information.
HIPAA governs the privacy and security of a patient's protected health information (PHI). The legislation has both a Privacy Rule, which governs who may use and disclose PHI and for what purposes, and a Security Rule, which requires administrative, physical, and technical safeguards for PHI held or transmitted in electronic form. Not only must employees in any healthcare setting be trained on HIPAA regulations, but there must also be documented procedures and technology in place to protect patient rights.
How Some Answering Services Violate HIPAA Rules
If you are shopping for a medical answering service based on low price, you may find that your services are violating Federal law. Some answering services that advertise rates for physicians or hospitals have not invested in the technology or training required to comply with HIPAA regulations. A few of the ways that an answering service might violate HIPAA rules include:
- Unsecured Emails. An answering service that sends PHI by unencrypted email is exposing it to anyone who can read the message in transit or on an intermediate mail server. Under the Security Rule, encryption of PHI in transit is an "addressable" specification: the service must either encrypt or document why an equivalent safeguard is reasonable. Sending PHI in plain text with no such analysis is a violation, and this applies to messages containing PHI even when they are only sent to staff members or within the office. Note that a password on the message alone does not protect the contents; the data itself must be encrypted.
- Unsecured Texts/SMS. Ordinary SMS messages are not encrypted end to end and are stored by the carriers, so an answering service that sends patient data over plain SMS is violating HIPAA rules. Information that seems basic, such as a patient's name and phone number, is still PHI when it is tied to the fact that the person is receiving care, and must be protected like any other PHI.
- Unencrypted Paging. Any answering service that offers paging services could violate HIPAA rules if those services are not designed for PHI. Traditional alphanumeric ("alpha") paging transmissions are broadcast unencrypted over the air and can be received by anyone with a suitable receiver, so they can compromise patient data and privacy. Alpha pagers are also not HIPAA-compliant storage devices: messages sit on the device in plain text with no access control.
- No HIPAA Compliance Officer. HIPAA requires a covered entity or business associate to designate a privacy official and a security official responsible for its compliance program. A medical answering service that cannot name a trained HIPAA Compliance Officer (HCO) who fills these roles is violating HIPAA rules.
- No Contractor Agreement. Most answering services use subcontractors for some functions, such as an IT service. If a healthcare answering service doesn't have signed Subcontractor Business Associate Agreements with each contractor that can access PHI, particularly IT and software vendors, it will be in violation of HIPAA laws.
Why a Medical Answering Service Must Be HIPAA Compliant
HIPAA violations are serious and can be costly for your organization. Most violations come from data breaches, but some are due to faulty privacy policies in place within an organization. According to the Office for Civil Rights (OCR), 329 healthcare breaches occurred in 2016, exposing more than 16.4 million patient records.
The five largest healthcare breaches were due to hacking, and there were several major PHI breaches attributed to unauthorized disclosure of information, theft, and improper disposal. Not only do healthcare data breaches tarnish a company's image and violate the law, but they are also expensive. According to a whitepaper from Protenus, the annual costs of data breaches in the U.S. health care field alone is $6.2 billion.
Any medical answering service that captures, stores, or transmits PHI on behalf of a physician's office or hospital is a "Business Associate" under HIPAA regulations (the practice or hospital itself is the "Covered Entity"). Since the 2013 Omnibus Rule, business associates are directly liable for complying with the Security Rule and for the applicable parts of the Privacy Rule, and the covered entity must have a signed Business Associate Agreement (BAA) with them. Because of this, medical answering services must be 100% HIPAA-compliant, and a practice that hires a non-compliant one shares in the exposure.
How to Know if a Medical Answering Service is HIPAA Compliant
Today more than ever, it's important that you be selective and ask questions when you hire a medical answering service for your business. HIPAA imposes strict federal requirements, and you should feel comfortable knowing that a provider you hire understands and complies with these rules on your behalf. The healthcare answering service that you hire should be able to answer these questions with ease:
- Do you have a HIPAA Compliance Officer (HCO)?
- When was the most recent HIPAA training in your company?
- When and how often are your call operators trained on HIPAA regulations?
- What technology protocols does your company have in place to keep PHI secure, both in transit (email, SMS, paging) and at rest (message storage and backups)?
- Will you sign a Business Associate Agreement with our practice, and do you have Subcontractor Business Associate Agreements with every vendor that can access PHI?
Answering365's Medical Answering Services and HIPAA Compliance
Answering365 has privacy policies, technology, and security in place to comply with all HIPAA standards. Our company maintains HIPAA-compliant information transfer protocols, secure digital storage of records, password-protected access to information, and state-of-the-art secure messaging systems. Our technology has redundant layers and multiple levels of data back-up and storage. Call operators are consistently trained on HIPAA rules as well as instructed on how to respond in emergency situations.
Medical offices, hospitals, and physicians have a responsibility to maintain patient trust, and the HIPAA laws were put in place to give patients in this country certain guarantees. Healthcare providers are entrusted with highly personal and sensitive information, so any staff member or vendor that might potentially touch that data must have HIPAA training and the appropriate privacy agreements in place.
Outsourcing your calls is an excellent way to provide top-level patient care by giving 24-hour access through live call operators as well as other valuable services. Answering365 respects your patient's privacy and guarantees that its services are 100% HIPAA-compliant. Contact us to learn more about how our medical answering services can help your business, or to start a free trial.