If you are a Healthcare or a Medical Community Professional, you may be experiencing the relentless 24 hour per day operation. Your patients trust you to support their continual medical needs that in many cases can not be reliably predicted, placing a tremendous amount of pressure on your shoulders.
Depending on your organization, the requirement for around the clock contact management between your patients and employees may vary. Regardless, your fundamental responsibility as a healthcare provider is to provide 24 hour responsiveness to patients’ health demands. Therefore, an important consideration with being available 24 hours per day is the cost of hiring and managing in-house personnel to manage the telephone.
Large organizations which already staff 24 hours per day may feel less of a cost burden than their smaller competitors, however, with the current economic environment and the continual requirement for more administrative work being placed on the on-call staff, the quality of 24 hour patient contact management may not be up to acceptable standards and could even affect readmission rates.
In small to medium sized healthcare organizations, hiring a full time employee for 2nd and 3rd shift to handle patient calls is too expensive and rarely makes sense therefore, many medical organizations turn to medical answering services and call centers to ensure their patients’ calls are never missed regardless of the time of day or night.
The best solution for medical organizations, including hospitals, is to hire a medical answering service, medical dispatch center, or medical call center in order to properly manage their patient calls.
Based upon our research, selecting a medical answering service can be a daunting task because “window shopping”, now mostly done via Google is a difficult and time consuming way to sort through marketing gimmicks starting with low monthly fees. Asking your medical affiliates for a reference can be beneficial if the medical answering service referred is 100% HIPAA Complaint, otherwise, you are sinking in the same black hole as your affiliate.
One thing is for certain, you are a Covered Entity and must choose whether to work with a HIPAA Compliant Medical Answering Service or whether to sacrifice quality for your patients and increase your risk of HHS fines due to HIPAA violations by selecting the wrong medical answering service or medical dispatch center. Your medical answering service is considered a Business Associate, therefore, you MUST be 100% positive that you find a HIPAA Compliant Medical Answering Service to fulfill your patient contact requirements while simultaneously protecting all Personal Health Information (PHI) being stored and transmitted at all times.
There are a few pitfalls that you need to be aware of when searching for the right HIPAA Compliant Medical Answering service.
Below are 6 very important areas to review, understand, and use as a guide during your new Medical Answering Service search.
When searching for a medical answering service, you have no doubt seen and have been attracted to the low priced options ($19.99 per month) or flat-rate prices regardless of volume. Although this appears attractive simply because all of us want to decrease cost, the issue with many of these services is quality, reliability, and accuracy. The only possible manner for low cost medical answering services to sustain such a low revenue model is to try and make their agents act super human by forcing them to answer 200-400% more calls than what a typical answering service or medical call center agent can physically handle. Therefore, the quality of service being provided is very low due to long hold times, high abandonment rates, unreliability, and severe inaccuracy due to high employee churn within the answering service. In addition, these types of services have a much higher client turn-over rate than a more expensive and higher quality answering service.
Finally, low cost medical answering service providers will most likely keep you up at night due to their inaccuracy in dispatching and following proper protocols. The more stress an answering service agent experiences, the more prone they are to taking short cuts and making mistakes. In most cases, low cost or flat rate medical answering services are not HIPAA Complaint Medical Answering Services due to lack of funding.
The simple fact is, it is expensive to become a HIPAA Compliant Medical Answering Service acting as your Business Associate. You need to make sure your answering service is not sticking it’s head in the sand, hoping for HIPAA to just go away; this is not going to happen and this behavior is drastically increasing your risk as the Covered Entity. In the end you need to ask yourself if saving $100, $200, $300 per month is worth HHS fines and the possibility of criminal charges if you choose to utilize a low cost, non HIPAA Compliant Answering Service. Remember, Omnibus started being enforced on September 23 2013 so please make sure you audit your current answering service for their HIPAA Compliancy. If any red flags present themselves, you MUST find a HIPPA Compliant Medical Answering Service to start servicing your business immediately! Ignoring HIPAA, HITECH, and Omnibus regulations for business associates altogether could be one of the most catastrophic oversights your organization could make for the future.
Is saving a few dollars really worth it in the long run if you choose a service that is not completely 100% compliant? Remember, if it looks too good to be true, it is !
2. HIPAA Compliancy
In a recent study specific to the answering service industry, it was noted that answering service owners were woefully uneducated regarding the specific security safeguards that HIPAA requires all BA’s to have in place while some answering service owners even acknowledged that they did not know what HIPAA referred to. We roughly estimate that only a handful of the approximately 1,500 answering services within the US are truly 100% HIPAA Compliant. The good news is that answering service owners are starting to become better educated on HIPAA, the bad news is that the majority of them may not have been able to meet the September 23rd 2013 deadline due to the sizable software upgrades and associated costs required. You immediately need to determine if your medical answering service was able to meet the proper deadlines.
We have seen answering services, throughout our Google search, that claim to be HIPAA compliant by listing a few bullet points, such as, server protections, filing cabinets with locks, and shredding equipment. These items are missing the majority of HIPAA Compliant guidelines in which a medical answering service must conform to, such as, proper training and security of transmitting PHI via email and text messaging. If any medical answering service references specific HHS guidelines, ask them about the specific guidelines to make sure HIPAA is not only being used as a marketing gimmick. Answering services quoting HIPAA is a good start but does not get to the core of what you require from an operational standpoint. Unfortunately, generic HIPAA references are nothing more than the basic security that comes with most website hosting accounts. Those in charge at the Health & Human Services (the government agency enforcing HIPAA) want quite a bit more security than that and the Covered Entity is responsible for their Business Associates’ actions if a breach of PHI has been encountered, this includes your medical answering service.
3. HIPAA Business Associates Agreement
This may seem basic , however many Covered Entities are not yet aware that the answering service is considered a HIPAA Business Associate and therefore needs to have an enforceable BA agreement in place. You are considered the Covered Entity and the answering service is your Business Associate, therefore, you have some control over requesting to use your Business Associates Agreement. Without having an agreement in place, you are placing yourself and your organization, the Covered Entity, at the risk of a WILLFUL NEGLECT VIOLATION by not knowing if your BA’s are complying with ALL mandatory HIPAA safeguards required by HHS.
These penalties include severe fines and possible criminal charges. In other words, the answering service you select is considered your Business Associate and due to the Omnibus Ruling as of January 2013, you are at risk and are required to audit your Answering Service and other Business Associates in order to meet the final deadline of Sept 2013.
4. Unsecured Texts & Emails and Alpha Paging
Please understand that the simplest patient information, such as patient name and telephone number, is considered PHI regardless if this information can be found in public locations like a phone book or internet directory because once there is an association made to medical relevance than the simplest patient information would be determined to be PHI.
Most answering services, including medical answering services and medical dispatch centers, do not properly incorporate the use of encryption or password protection when delivering important messages containing PHI to your office, doctors, employees, or practitioners. HIPAA guidelines state that all electronic transmission of PHI must be secure which typically means securing PHI by encryption and/or password protection. Traditional SMS and Text Messaging, Emailing, and Alpha-Numeric Paging are NOT secure due to lack of encryption and password protection.
Un-secure SMS, Text, Email, and Alpha-Numeric formats are considered a violation of HIPAA, HITECH, and Omnibus Regulations and can result in massive fines or criminal incarceration for those of willful neglect. Ongoing usage of such unprotected communication methods can result in civil and even criminal charges if any data breach is found due to these unprotected communications. If your medical answering service does not utilize encryption or password protected emails, texts, SMS, and Alpha-Numeric pages or does not provide a secure web portal to view message information, you are at risk and should vet a new medical answering service immediately.
Please immediately re-evaluate your current medical answering service for your own protection.
5. Automated Service
We also found a few automated services being advertised. These services are affordable and advertise their ability to overcome the mistakes of the traditional and antiquated answering service industry. We find this claim to be completely false and invalid and issue for major concern because all automated systems lack human interaction which is imperative in the quality of patient care. In utilizing any automated service, your patients are forced to speak into a voicemail which is very impersonal and lacks human reasoning. Your patients also do not have the ability to ask specific questions such as which doctor is on-call or what is the follow up status of their first call or if they should go to the local ER.
The interaction between a live medical answering service agent and your patient is paramount within any decision making process and should not be overlooked. Remember, an automated system is only as accurate as the information setup within the system itself, therefore, if your office forgets to update the automated on-call rotation, your patients quality of care will suffer in the end increasing your liability.
Finally, these automated services must also comply with HIPAA guidelines, therefore, the storing and transmitting of PHI within the voicemail system must be secure at all times. Does the automated system provided daily auditing logs required by HIPAA, these are the questions you need to ask when using an automated medical dispatch patient care system.
6. DO NOT Overlook The Technology They Use!
Other factors to look for include whether you are seeking urgent or non-urgent services, business day versus after hours and if you have a specific directive plan that you need to put into place. Some answering services are not as flexible as others which must be taken into consideration. Depending on the type of software or system the medical answering service is utilizing, any preferred call handling and dispatching may or may not be available to you, regardless of quality claims.
Look for a medical answering service that has complete control over its technology and software, and is not reliant on 3rd party or shelved software solutions, that all too often are not up to date, require extensive downtime for upgrades, or face a business continuity dilemma when their technology breaks down. In the case of HIPAA compliancy, practically no answering service software package of previous versions, has the ability to conform to HIPAA requirements and may require 4-9 months to implement the latest software revision from their provider. Look for a medical answering service or medical dispatch center that uses the latest and greatest vendor version, which has secure PHI transmission features.
Please consider PatientCalls.com as a forerunner to becoming your new HIPAA Compliant Medical Answering Service. Our team is willing to help educate anyone needing guidance or achieving their milestone to HIPAA Compliancy. We also don’t mind deploying common sense solutions, such as, GMAIL or Microsoft 365, since both providers announced their HIPAA Compliancy features as well as recognizing their responsibility of acting as a HIPAA Business Associate.