HIPAA Compliant Medical Answering Service
PatientCalls is the most trusted HIPAA-compliant medical answering service in the healthcare industry. We are an industry leader and proud to ensure the proper levels of security for our company, your practice, and all patients.
Medical answering services need to be HIPAA compliant because they are part of a network of medical professionals and healthcare providers entrusted with sensitive patient data. Health Insurance Portability and Accountability Act regulations help assure patient confidentiality which is expected throughout the medical field.
How We Ensure HIPAA Compliance
PatientCalls is consistently at the forefront of HIPAA / HITECH / OMNIBUS compliance and we partner with our clients to ensure that they meet regulations. Our company provides all the documentation and technological solutions that your organization needs for HIPAA-compliant answering services.
With our assistance, your company is enacting the right security measures to avoid costly fines and violations for non-compliance that damage a company’s reputation and expose patients to undue risk. Here are some of the measures that PatientCalls takes to protect patient privacy and safeguard data.
Secure Data Handling & Storage
PatientCalls deploys exclusive and proprietary methods of encryption technology to securely access, store, and transmit all personal health information (PHI). Our standard security measures – also including access restrictions and two-factor authentication – provide confidence for covered entity clients.
Our system stores and destroys PHI in accordance with HIPAA guidelines. We do not allow any PHI to be stored or retrieved within our voicemail system.
Secure Messaging of Patient Information
Our system prohibits the use of alpha paging devices and redirects all PHI transmitted electronically to secure e-mail or SMS. This is done via our secure portal or other approved software solutions, such as, but not limited to, Gmail or Office 365.
A phone answering service is restricted from sending traditional e-mails that include PHI without identifying possible security limitations within the transmitting and storage network.
In response to these requirements, PatientCalls has implemented specific security measures and the use of secure web portals for PHI retrieval. Our system sends emails as password-protected PDFs over an encrypted path.
Text messages including PHI must be protected by encryption and strong passwords. Current cellphone carriers and mobile devices do not meet these security requirements for HIPAA compliance.
To provide the same immediacy as traditional texting, we developed PatientNote. It sends SMS notifications prompting medical staff to view messages on our encrypted and password-protected app. This also provides accountability data regarding access to PHI and time stamps.
Cybersecurity & Physical Data Protections
PatientCalls meets HIPAA requirements for cybersecurity protections and physical data security measures for data access and storage. We have created cybersecurity features that monitor all SMS/WEB portal traffic and block any user (employee, customer, or hacker) from accessing any PHI after multiple and repeated authentication failures.
Staff Compliance Training
All call center agents working for PatientCalls are fully trained regarding cybersecurity awareness and security policies and procedures.
Auditing Requirements & Monitoring for HIPAA Compliance
As a covered entity, your organization must audit all business associates, including your trusted answering service, in order to mitigate the risk of breaching security and privacy regulations. PatientCalls helps to organize those audits and assumes the required responsibility that your medical office demands of us.
HIPPA Compliance Officer
PatientCalls exceeds HIPAA requirements by naming an Operational HIPAA Compliance Officer (HCO) and a Technical HCO. Plus, our HCOs implement frequent internal audits of our policies and staff members. Ongoing monitoring ensures that PatientCalls stays compliant and ahead of its competition among call centers in the medical field.
Business Associate Agreements
PatientCalls has BAAs and BACs in place with all clients and sub-contractors. We also post our BAA on a secure web link for all clients in their monthly invoices. This acts as our backup and binding agreement between parties in the event a BAA is lost or accidentally destroyed.
Documentation for Audits
Our system provides audit control reports to support the periodic security and privacy attestation that your business is required to perform. This includes detailed message delivery status reports, PHI access event logs, and quarterly risk assessment analyses.