There are a lot of different regulations when it comes to medical practices, and one of the most important is HIPAA. HIPAA, or the Health Insurance Portability and Accountability Act, has been around since 1996 to protect patients' private information. At No More Phone Tag, our staff is fully trained in HIPAA compliance, and we attend regular trainings to ensure our systems are the best possible.
There are specific regulations within HIPAA which all healthcare providers, health plans and healthcare clearinghouses, known collectively as the Covered Entities, have to follow. Within these regulations there are two different rules: the Privacy Rule, for patient personal health information (PHI), and the Security Rule, which requires the three Covered Entities to take steps to safeguard PHI through technology, administration, and physical aspects of the practice.
To be considered a HIPAA compliant medical answering service, there are specific steps that the answering system has to have in place. These are most commonly associated with technical aspects of security, but they can also involve administrative aspects that have to be in effect as well.
While many businesses may offer their services and advertise as being HIPAA compliant medical answering services, it is critical for the medical professional or administrator to verify this is, in fact, the case.
Common issues that are noted as violations of HIPAA policies with third-party live operator types of answering services can include:
- Data not encrypted – any patient information (PHI) has to be encrypted both when being transmitted as well as when being stored. This means that it cannot be left accessible, which is a very real problem in call centers where call logs and automatic messages may be stored or sent via unencrypted email, SMS, or other types of messaging.
- Data on devices – in some cases there can be security breaches within a system, particularly if it is not encrypted, which give an outside party access to information. In addition, devices stolen from a service, such as laptops or smartphones, can also be a source of non-compliance.
- No Notification – if there is a breach or if HIPAA regulations are not followed, it is up to the individual administrator to report this to the Department of Health and Human Services within 10 days from the breach. When this doesn’t happen, or it is late, or if measures are not taken to prevent the issue in the future, fines can be assessed.
Often with live operator systems the non-compliance is due to staff that is not HIPAA trained. This training is costly for call centers to implement, so they may not bring in experts, leaving their staff unaware of the proper procedures to safeguard PHI.
When using a virtual HIPAA compliant medical answering service, these issues are simply not a factor. This is why more and more small to large sized medical facilities are utilizing these options with greater security for PHI through our highly secure virtual phone systems.