If you are in the medical field and use answering service for doctors officeto communicate to patients, you should ensure your answering service is conforming to HIPAA regulations. Why you may ask? Failure to do so will cost you a lot in form of HIPAA violation fines.
Since the answering service providers are your business associates, their adherence to HIPAA guidelines is mandatory because they access private information of patients. For instance, if your patient calls and the answering service writes their name and medical problems that is personal information. So, if your answering service claims that they are fully compliant with HIPAA directives, there is a list of things they should not do as discussed below. If they do, then that is a red flag that you should find someone else.
No Texting of Protected Health Information
If your business is governed by HIPAA, it is vital that patient information is protected making texting of this private information contrary to the regulations. Central to this is the fact that phones can be hacked into or stolen to retrieve the messages. This will definitely expose patients’ sensitive details which are not right.
Any texts from your service provider should either be a new message alert or encrypted. This allows you to safely log into a web portal or mobile app to access the messages. If a web portal or a mobile app is lacking, a phone call will do.
No Emailing Protected Health Information
Apart from texting, your answering service provider should not email the patient’s information. If they email, it should be encrypted or be an alert instructing you to log into a portal that is secure to access the information. There are instances a patient can give consent to email information. In this case, you will need to communicate with your service provider to customize the given patient information accordingly.
No Paging Protected Health Information
Just like emailing and texting, it is a HIPAA violation to send patient information to an alpha pager. Because the messages are not encrypted, it is unsecured. Remember, the alpha pagers are not protected by passwords. Therefore, in instances, someone steals or you lose it, the data will be exposed easily. That said, however, there are some alpha pagers that are compliant to HIPAA that you could use.
No Leaving Protected Health Information on Voicemail
Urgent situations might lead to a violation of HIPAA regulations. When the answering service cannot reach you, they should either leave a number you can call once available or leave no message at all. Leaving information of patients on voicemail is a violation of HIPAA. Generally, leaving information on any device or platform that can be easily breached is unacceptable according to HIPAA standards. Ironically, using fax is compliant with HIPAA directives.
Giving Medical Advice is a No-No
This is not entirely a HIPAA violation but can be a huge liability for any medical professional. Meaning the answering service for doctors office could at times give professional advice to patients on behalf of the physician without any knowledge or the doctor’s consent which is not right.