Using an answering service or other outside assistance in your healthcare business does not change the requirement that you keep patient information confidential. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), companies are held accountable for breaches that publicize private information and are subject to fines when such breaches occur. Even if someone associated with the business, but not a direct employee, is responsible for a breach, a company can find itself under fire.
Your Answering Service Ensures Your HIPAA Liability
Hiring an answering service that knows HIPAA and has procedures in place to make sure its requirements are observed to the letter of the law is extremely important for staying compliant. Answering services are considered HIPAA Business Associates, and they must have provisions in place to ensure patient privacy that would stand up to an audit. If you do not exercise due diligence in selecting the right answering service, you could not only pay a hefty fine but also be considered guilty of Willful Neglect, which carries million-dollar fines and even imprisonment in some cases.
Using an answering service means having someone answer phone calls that come in from patients. The person who answers the call would obtain the patient’s name, contact information, and details about health conditions. You should verify the service's internal security measures for keeping this information private. If the answering service records calls, you should ask how the recordings are protected.
Disseminating PHI To Authorized Persons
Patient Healthcare Information (PHI) received on the call must be disseminated, and this can happen in many different ways that could pose a threat to privacy. Answering service personnel need to transmit it to a clinic, physician, healthcare worker, or other authorized person. The transfer of information might take place by phone, but could also take place via pager, text, voicemail, or email.
All of these forms of communication are quick and effective ways of scheduling appointments, summoning care, or passing on information, but the question that healthcare providers must ask is whether the method of transmission is secure.
• Traditionally, answering services used pagers to send notifications containing PHI. This technology is considered antiquated in most circles, yet it is still in use. The problem for the industry is that pagers are not secure: the data is not encrypted, and the pager is not password-protected. Any unauthorized person with access to the pager could be privy to patient information. Hiring an answering service that depends on pagers is asking for trouble.
• Text messaging is a convenient way of disseminating information, but unless the cell phones in use have secure text messaging apps installed that encrypt messages and prevent information from being displayed until a password is entered, the information is not secure. Your answering service must have this technology in place to ensure HIPAA-compliant transmissions.
• Email transmissions of PHI must be encrypted to meet HIPAA standards so that the identity of the sender and receiver and the content itself are secure. This requires that mail servers be properly configured with encryption methods such as TLS or S/MIME with a certificate from a reputable certificate authority (CA).
Choose The Security Of Rite Response
In selecting an answering service that meets HIPAA guidelines, you must verify that the company has systems in place to protect PHI and protect you. Rite Response of Houston, Texas, an experienced provider of answering services for the medical field, has the procedures and technology in place to ensure that your company is compliant.