Very simply, you cannot afford to continue with your current answering service if they are not compliant. PatientCalls' top-rated medical answering service is the most trusted business associate and industry leader among our HIPAA-compliant medical answering service constituents. We are proud to ensure PatientCalls provides the proper levels of security for our company, your practice, and all patients.

How HIPAA Affected the Healthcare Industry 

The need to protect an individual’s personal health information gave rise in 1996 to the creation of HIPAA, or the Health Insurance Portability & Accountability Act. Since then, HIPAA, HITECH, and Omnibus regulations have forced the implementation of additional security and compliance methods for organizations handling personal health information. These have encompassed significant legal and technical challenges within the industry including medical and healthcare answering services. 

The security and privacy of protected health information (PHI) were strengthened tremendously, especially by HITECH and Omnibus as they relate to HIPAA. Now, details of a patient’s medical condition, healthcare treatments, contact information, billing information, and incurred payments must be more secure and private than ever before. These regulations have fundamentally impacted how a patient’s information can be stored and transmitted.

Since September 2013, the responsibility to comply with HIPAA has shifted to include covered entities, as well as their business associates and subcontractors that handle PHI. Now, these entities share the same levels of liability as the organizations they serve. In fact, covered entities are fully responsible for performing risk audits of the business associates which they rely on to collect, store, and transmit personal health information.

The Impact of HIPAA on Medical Answering Services 

Experts have dubbed PHI security the most expensive requirement within the HIPAA Privacy & Security Rules. These important regulations apply to medical answering services, which store and transmit PHI, and they have had major implications in terms of technological and procedural upgrades. For answering services, the costs involved with reaching compliance are high and making the required changes is time-consuming. 

Legacy answering services had to rethink and redesign their storage and transmission procedures related to sending PHI to medical staff via text messaging, alphanumeric paging and e-mail. These traditional methods are no longer considered secure within the context of HIPAA-HITECH-Omnibus. In addition, medical answering services must now provide the proper levels of encryption, accountability, and password protection for all parties who access PHI both internally and externally.        

How PatientCalls Ensures HIPAA Compliance 

PatientCalls is consistently at the forefront of HIPAA / HITECH / OMNIBUS compliance and we partner with our clients to ensure that they meet regulations. Our company provides all the documentation and technological solutions that your organization needs for HIPAA-compliant medical answering services. With our assistance, your company is enacting the right security measures to avoid costly fines and embarrassing non-compliance violations.

Auditing Requirements 

As a covered entity, your organization must audit all business associates, including your answering service, in order to mitigate your risk of breaching HIPAA/OMNIBUS regulations. PatientCalls helps to organize those audits and assumes the required responsibility that your office demands of us. Additionally, our HIPAA Compliance Officer (HCO) implements stringent and frequent internal audits of our policies and staff members to ensure PatientCalls stays ahead of its competition within the medical answering service and call center industry. 

Technology 

We deploy exclusive and proprietary methods of encryption technology to securely obtain, store, and transmit all personal health information (PHI) in order to provide confidence for our covered entities.           

E-mail 

Answering services are restricted from sending traditional e-mails that include PHI without identifying possible security limitations within the transmitting and storage network. In response to these requirements, PatientCalls has implemented specific security measures and the use of secure web portals for PHI retrieval. 

SMS/Text Messaging 

Text messages including patient information must be transmitted with the proper encryption and password protection. Despite the importance of mobile devices to our everyday lives, current cellphone carrier networks and mobile devices that support text messaging do not meet the security requirements for HIPAA compliance. To provide the same immediacy and convenience as traditional texting, we developed PatientNote, a HIPAA-compliant mobile message service app. 

Frequently Asked Questions

This answer is simple: just call your current answering service and ask them. But first, please make sure that you educate yourself about a few simple HIPAA requirements, shown below, that every answering service should understand.

  1. Who is your HIPAA Compliance Officer? 
  1. Have your agents been trained in HIPAA / HITECH / OMNIBUS? 
  1. When was the last documented training and how often is the training refreshed? 
  1. Is your e-mail and text solution secure with encryption and/or password protection? 
  1. Does your office use Windows XP or any earlier version of Windows? 
  1. Auditing logins – Does your answering service software have the ability to audit logins in real time and block unauthorized users, whose access would result in PHI breaches? 
  1. What prevents one of your employees from stealing a PC that stores PHI? 
  1. Are you willing to sign our Business Associate Agreement? 
  1. Are you properly storing, transmitting, and destroying all messages within the system which contain PHI as required by HIPAA guidelines? 

If your current answering service does not have an immediate answer to the questions above then we suggest looking for a new HIPAA-compliant medical answering service. 

The requirements of HIPAA are far more detailed than the above eight questions. If your current answering service does not have clear or immediate answers, then there is a high probability that they are currently not HIPAA compliant.

As the covered entity, you must ask yourself if you are prepared to give your answering service more time to become HIPAA compliant and risk violations, fines, and possible criminal charges. 

Based upon HHS requirements and documented fines from PHI breaches, you are exposing your business and personal wellbeing to hefty fines and/or criminal charges, depending on the severity of the breach and whether those violations are deemed the result of ‘willful neglect.’

No. Any traditional transmitting method like alphanumeric paging is not considered secure, and is therefore NOT HIPAA compliant. This is due to the absence of encryption and password protection for PHI being electronically transported. Some answering services and medical offices, in fear of losing this antiquated technology, have revised their policies to allow transmitting only the patient name and telephone number. The argument is that ‘a patient’s name and telephone number are not considered PHI since that information can be found in public listings.’ Initially, we agree with the assessment that information obtained in public locations would not be deemed PHI. HOWEVER, once a name and phone number can be linked with any medical relevance, then any publicly obtained information being transmitted, even in its simplest form, would be considered PHI and would require proper security and protection as defined by HIPAA.

Yes. Your organization, defined as the covered entity, hires the answering service to capture PHI verbally and to store and transmit PHI in an electronic form, defined as ePHI. The Final Omnibus Ruling provides specific requirements for handling and transmitting ePHI. 

Therefore, all medical answering services that store and transmit protected health information (PHI/ePHI) must maintain HIPAA compliance at all times. 

It is also the responsibility of your organization, defined as the covered entity, to perform a risk analysis of your current answering service in order to determine possible PHI breach points of storing and transmitting PHI. 