The answer is simple: call your current answering service and ask them. But first, please make sure that you educate yourself about a few simple HIPAA requirements, shown below, that every answering service should understand.
- Who is your HIPAA Compliance Officer?
- Have your agents been trained in HIPAA / HITECH / OMNIBUS?
- When was the last documented training and how often is the training refreshed?
- Is your e-mail and text solution secure with encryption and/or password protection?
- Does your office use Windows XP or any earlier version of Windows?
- Auditing logins – Does your answering service software have the ability to audit logins in real time and block unauthorized users, whose access would result in PHI breaches?
- What prevents one of your employees from stealing a PC that stores PHI on it?
- Are you willing to sign our Business Associate Agreement?
- Are you properly storing, transmitting, and destroying all messages within the system which contain PHI as required by HIPAA guidelines?
If your current answering service does not have an immediate answer to the questions above, then we suggest looking for a new HIPAA-compliant medical answering service.
The requirements of HIPAA are far more detailed than the above eight questions. If your current answering service does not have clear or immediate answers, then there is a high probability that it is currently not HIPAA compliant.
As the covered entity, you must ask yourself if you are prepared to give your answering service more time to become HIPAA compliant and risk violations, fines, and possible criminal charges.