Ensuring that your medical answering service is HIPAA compliant protects you from a complaint or even a possible criminal violation. HIPAA (Health Insurance Portability and Accountability Act) dates back to 1996. One of the primary goals of the law is to protect the confidentiality and security of PHI (protected health information).
To fully appreciate the relationship between HIPAA and a telephone answering service, you need to understand what PHI encompasses. According to the US Department of Health and Human Services, PHI is individually identifiable information that includes many types of identifiers for an individual, including information about the individual’s employer and family members. Some of these identifiers are exactly the type of information you would want your answering service to send to you regarding your patients/clients. A few examples are: address, dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89), telephone numbers, fax numbers, Social Security number, medical record number, account number, or any other unique identifying number, characteristic, or code. The concern arises when such information is given verbally or sent electronically via text, fax, or email. Any PHI or ePHI (electronic protected health information) must be protected and kept secure.
Be sure that the medical answering service you use has a designated HCO (HIPAA Compliance Officer). His or her responsibilities should include, but are not limited to, maintaining and updating all HIPAA policies and procedures, risk analysis, new-hire and yearly training and testing of all personnel, and being the “point person” when or if a potential breach of PHI occurs. Ask questions such as: Does this service have:
- A HIPAA Policy and Procedure Manual?
- Regular HIPAA training of all employees?
- A Secure Messaging platform for texting?
- An option to allow email encryption?
- Security measures to enable protected Fax messages?
- Policies to securely give out verbal messages?
- An updated BAC (Business Associate Contract)?
- Policies and Procedures in case of a breach?
The extra effort of finding a quality, HIPAA-compliant medical answering service will be worth your time and will help you avoid what could become a very unfavorable, time-consuming, and costly situation.