How HIPAA Has Affected the Medical Answering Service Industry
Every individual needs proper care, including excellent healthcare facilities and the necessary levels of security, in order to enjoy a great quality of life and to have comfort in knowing that their personal health information (PHI) remains confidential at all times.
This confidentiality, and the requirement to protect an individual's personal health information, gave rise in 1996 to the creation of HIPAA, the Health Insurance Portability & Accountability Act. Since then, the HIPAA/HITECH/Omnibus regulations have forced organizations that handle personal health information to implement additional security and compliance methods. These have brought significant legal and technical challenges to the medical and healthcare industries, including medical and healthcare answering services.
The security and privacy of Protected Health Information (PHI) were strengthened tremendously, especially by the HITECH and Omnibus rules as they relate to HIPAA. As a result, details of a patient’s medical conditions, healthcare treatments, contact information, billing information, and incurred payments must now be more secure and private than ever before.
Put simply, these rules have changed how a patient’s information can be stored and transmitted, which is precisely why call center providers and answering services operating within the medical and healthcare industries had to do heavy lifting in order to comply with past and current HIPAA regulations. In short, there are now legal and fundamental procedural differences between an answering service of the past and a HIPAA Compliant Medical Answering Service of the present, and you must be aware of all of them.
What makes these privacy changes so critical?
Experts have dubbed PHI security the most expensive requirement within the HIPAA Privacy & Security Rules. They have done so because, apart from improving patient privacy rights, these rules reinforce the government’s ability to enforce a set of laws on healthcare providers and others professionally associated with them. Finally, complying with HIPAA has been very expensive and time consuming for answering services alone.
Prior to the Omnibus Ruling, Covered Entities assumed most of the responsibility for failing to comply with HIPAA regulations. After September 2013, however, all Business Associates and their sub-contractors who handle PHI have the same levels of liability as the Covered Entities they serve. Covered Entities are nonetheless still fully responsible for performing risk audits of the Business Associates that they allow to collect, store, and transmit personal health information. This cannot be forgotten.
As you can see, these changes in security requirements and fault liability were shifted onto all entities that store and transmit PHI, now inclusive of medical answering services. This has had major cost consequences because of the technological and procedural upgrades required to comply with the September 2013 deadline.
For reference, please review the PatientCalls ePHI flow diagram for the PHI storage and transmission points specific to a medical answering service and its clients, which reflects PatientCalls' expertise and resolve in our HIPAA compliance.
How do these changes affect the traditional or legacy answering service?
Because of the security HIPAA requires, legacy answering services had to rethink and redesign their storage and transmission procedures, specifically those for sending PHI to medical on-call staff via text messaging, alpha-numeric paging, and emailing, because these traditional methods are not considered secure within the context of HIPAA-HITECH-Omnibus. In addition, medical answering services must now provide proper accountability and access logs for all parties who access PHI, both internally and externally.
At present, no medical answering service should be using any legacy methods to transmit messages that contain PHI. Each should have implemented specific methods that include the proper levels of encryption and password protection, to ensure PHI is not disclosed or intercepted during transmission or accessed by unauthorized parties while stored electronically. These security requirements have given rise to secure web portals, secure messaging applications, and emails sent within encrypted paths between the various recipients of PHI.
In order to safeguard the privacy of patients and remain compliant with current HIPAA regulations when transmitting any form of electronic message containing PHI, answering services are required to implement the following:
Emailing: Answering services have been restricted from sending traditional emails that contain PHI without identifying possible security limitations within the transmitting network, which includes the storage devices on both ends. New concepts include providing secure web portals for PHI retrieval or implementing additional security measures, as PatientCalls has done.
SMS/Text messaging: If SMS/text messages include any patient information, their delivery must also be secure, which includes encryption and password protection. The current carrier networks are not secure, so current SMS technology also fails to offer the required security.
Considering how mobile devices have transformed our methods of communication, medical answering service providers have had a large task to overcome, so it is imperative for you, the Covered Entity, to vet and select the proper medical answering service, like PatientCalls. PatientNote is our answer to securing PHI over SMS.
Mobile Devices: Some may think that mobile devices are secure simply because you can create a strong password for entry into the mobile desktop. However, mobile devices are not secure within the context of HIPAA. You must therefore be 100% certain that your medical answering service is not sending data insecurely and that your staff is not saving any PHI on their mobile devices. PatientCalls at no time asks you to store PHI on your mobile device and has taken the proper measures to help you become HIPAA compliant.
TLS Connections: As a data encryption protocol, TLS guarantees a portion of data security. Standing alone, however, TLS does not comply with HIPAA, so the medical answering service must be creative in deploying TLS as one part of its security requirements.
As you can see, the answering service industry has evolved in the following manner:
Medical Answering Service
HIPAA Compliant Medical Answering
PatientCalls' top rated medical answering service is the most trusted Business Associate and industry leader among our HIPAA Compliant Medical Answering service constituents. We are proud to be able to explain accurately, and to help educate our viewers and prospects about, the sheer necessity of ensuring your medical answering service is HIPAA compliant, and to ensure PatientCalls provides the proper levels of security for us, you, and your patients.
After all, your medical answering service provides more hours of coverage for your office than your daily staff, so please do not waver on your requirements to find and utilize the proper answering service.