Quality patient care is necessary for your healthcare practice to stand out from the rest. Your patients move at a very fast pace and are very tech-friendly, which means they expect the same from their healthcare provider. A professional medical answering service is one way you can give your patients the care they may need when your office is closed for the day. You may think you have found the right answering service for your medical practice, but is your medical answering service HIPAA compliant?
What is HIPAA and why is it so important?
HIPAA stands for the Health Insurance Portability and Accountability Act. It refers to a group of laws that protect a patient’s privacy by keeping their personal information secure.
Who needs to comply with HIPAA?
All healthcare organizations and their business associates should comply with the HIPAA and the HIPAA HITECH (the Health Information Technology for Economical and Clinical Health Act). Medical answering services fall under the “business associate” category, meaning they must strictly comply with every HIPAA guideline while providing answering services to healthcare organizations, medical offices and other companies in the healthcare industry that are trusted with patient information.
What does this mean for your medical answering service?
Your medical answering service should provide a safe and secure location (either online with a software or offline in their physical office) for patient information to be exchanged. Every answering service agent must understand and comply with HIPAA regulations.
Anyone working in the healthcare industry knows the significance of HIPAA-compliance for the protection of a patient’s health information, but there is no guarantee that your medical answering service knows about the guidelines. Below are some questions you can ask your medical answering service to see if they are HIPAA compliant:
Do they send protected health information (PHI) to your phone?
Most physicians are unaware that receiving a patient’s health information (like name, contact number and health complaint) via an unsecured SMS or text message from an answering service violates HIPAA regulations. A text message is not safe for multiple reasons. Any information sent to your phone is not encrypted. Although a provider may use a password protected phone, it does not prevent others from reading their patient’s medical information once it is unlocked. If your phone is stolen or accidentally left behind, it could be quite easy for others to gain access to the sensitive information.
Do they email valuable patient information?
If your answering service sends an email with a patient’s medical information, you must make sure that it is encrypted. An unencrypted email sent from one user’s computer to another is vulnerable to hackers. These type of emails not only put the patient’s information at risk, it also reveals the identities of the sender and receiver.
Even though the answering service verifies that the message is encrypted on their side, if the information pops up on the doctor’s screen, he is in the violation of the HIPAA laws. As a physician, it is your responsibility to prevent such mistakes from happening. However, many providers are not aware that this type of communication is not considered secure by HIPAA standards.
Overall, HIPAA compliance is an ongoing process. Being a physician, it is your responsibility to ensure that your medical answering service is protecting you and your patients in every stage of the communication process. If for some reason their service does not meet your guidelines, it may be in your best interest to hire a new company.
Contact us if you would like to learn more. We have provided superior quality call center related services to healthcare related businesses since 1967.