Medical answering service for doctors, physicians, and medical groups nationwide.

Use A HIPAA Compliant Answering Service To Avoid Violations.

phone 866-333-7922

Top 5 Answering Service HIPAA Violations

Does a Medical Answering Service have to be HIPAA Compliant?

Very simply, the answer is YES!

Your organization, defined as the Covered Entity, hires the answering service to capture PHI verbally and to store and transmit PHI in an electronic form, defined as ePHI. The Final Omnibus Ruling provides specific requirements for handling and transmitting ePHI.

 

Therefore, all Medical Answering Services that store and transmit Personal Health Information (PHI / ePHI) must maintain HIPAA Compliancy at all times.

 

It is also the responsibility of your organization, defined as the Covered Entity, to perform a Risk Analysis of your current answering service in order to determine possible PHI breach points in storing and transmitting PHI. Below are 5 of the most probable HIPAA Violations currently being overlooked by Covered Entities.

Top 5 HIPAA violations currently being committed by other answering services.

These security breaches put not only the answering services themselves at risk for HIPAA fines, but also their clients, considered Covered Entities. If you currently use another answering service or call center, you may be at risk. PatientCalls is already compliant with all HIPAA regulations and security protocols. For more information, call us directly at 866-333-7922 or go here to get more information on our 14-day free answering service trial.



Unsecured Emails – If your answering service is sending unencrypted / non-password-protected emails containing PHI to your office or staff members.



Sends emails with password-protected PDFs over an encrypted path.


Unsecure SMS/Texts – If your answering service is transmitting text messages / SMS messages which are unencrypted / not password protected and contain PHI, such as patient name and telephone number, to your office and staff members, including doctors after hours.




Sends an SMS notification to view urgent messages over our encrypted and password-protected portal, with accountability for PHI being viewed, including dates and times.



Alpha-Numeric Paging – If your answering service is sending any PHI, such as patient name or telephone number, via alpha-numeric paging. Alpha paging transmissions are not encrypted and therefore violate HIPAA regulations. In addition, alpha devices are not considered HIPAA-compliant storage devices.



Prohibits the use of alpha paging devices and redirects all PHI being transmitted electronically to secure email or SMS via our secure portal or other approved software solutions, such as but not limited to Gmail or Office 365.




Absence of Named HIPAA Compliancy Officer (HCO) – If your answering service does not have a defined HCO with the proper credentials and training.





Exceeds HIPAA Requirements by naming an Operational HCO and a Technical HCO.

Absence of Business Associate Agreement – If your answering service does not have signed Sub-Contractor Business Associate Agreements on file with all software vendors who have access to any Personal Health Information being stored or transmitted.




Has BAAs and BACs in place with all clients and sub-contractors, and posts our BAA on a secure web link provided to all clients on their monthly invoice, which acts as our backup, default and binding agreement between the parties in the event a BAA is lost or accidentally destroyed.

Below are a few more probable HIPAA violations which your organization should discuss with your current Medical Answering Service.



Message Archiving – If your answering service is not properly securing, storing, and destroying PHI as required by HIPAA guidelines.



Stores and destroys PHI appropriately under HIPAA Guidelines. We do not allow any PHI to be stored or retrieved within our Voicemail system.


Agent Training – If your answering service has not provided adequate and frequent training of their staff and management.





We start with the basics and test our staff periodically. PatientCalls also created daily training procedures which are fully integrated into our CRM application and which agents must acknowledge prior to logging off of their work shift.

PHI Access Auditing – If your answering service is not properly auditing or logging all events of accessing PHI due to employee logins and/or customer access from a verbal or electronic perspective.



Developed detailed access event logs and reports to support periodic auditing and created cyber-security features which block or prevent any user (employee, customer, hacker) from accessing any PHI after multiple and repeated authentication failures.


Cyber Security – If your answering service is not properly deploying firewalls or necessary means to track and warn of cyber threats.





Developed a unique firewall which monitors all SMS/WEB portal traffic for malicious activity with the ability to block IPs attempting any unauthorized access of PHI.

View the PHI Flow Infographic to see the flow of PHI between:
- Your Patients
- Answering Service
- Your Office / OnCall

62% of All HIPAA Patient Record Breaches Involved A Business Associate!

Violation Liability Extends to BAs & Their Sub-Contractors.
Choose Your Business Associates Wisely.


With PatientCalls you no longer have to worry about your answering service being a part of these shocking statistics. Using our exclusive PatientNote service, you can rest assured that all data transmissions to and from PatientCalls meet or exceed all HIPAA, HITECH, & Omnibus laws and regulations.

Do you already have an answering service handling your calls? Ask them if they have all HIPAA communication regulations covered by the technologies they use as well as organizational practices. If you are not satisfied with the answers you receive, contact PatientCalls right away and protect your business immediately.

Try PatientCalls Medical Answering Service
& PatientNote FREE for 14-Days!

 



Toll-Free Number: 866-333-7922
 
E-Mail: Info@PatientCalls.com
 


Serving the medical community for over 15 years.

PatientCalls Medical Answering Service Top Rated - 4.9 / 5 based on 1,491 Customer Reviews!