Call Center & Answering Service News

Are you HIPAA-Compliant?

HIPAA compliance is a vital practice that all businesses must adhere to when handling Protected Health Information (PHI) and Electronic Patient Health Information (ePHI). Ever since the final HIPAA omnibus ruling came into effect in March 2013, the Health and Human Services Office for Civil Rights has been cracking down on non-compliant Covered Entities and Business Associates.
 
Even with these new changes in effect, many Covered Entities and Business Associates continue to conduct their daily communications in an insecure manner that, whether they are aware of it or not, is in clear violation of HIPAA’s standards.
 
Many are well aware of the consequences and have taken the necessary steps to become compliant. For those who have not, or who are not sure whether they are compliant, we have outlined the steps you can take to rectify this and listed the ramifications you may be subject to if found in non-compliance.
 
The intention of this post is not to scold or make an example of anyone, but to educate those who may still be in danger of being found in direct violation of HIPAA’s standards.
 
An important first step toward becoming HIPAA-compliant is to have a Business Associate Agreement (BAA) in place. You must share the BAA with all vendors, such as answering services, shredding companies and anyone else who might come into contact with PHI. Once these agreements are signed and all parties enter into the contract, it ensures that the Business Associates meet HIPAA standards by protecting PHI. If they do not, they are liable and subject to civil and criminal penalties for actions not authorized in your BAA.
 
With regard to having a BAA in place to further protect your PHI, it would also be beneficial to your business or practice to consult with an attorney who has experience with medical and HIPAA regulations. When it comes to being compliant, it’s not necessarily a bad thing to be overprepared.
 
One of the fastest-growing concerns with the protection of PHI/ePHI is the use of SMS, also known as “text messaging”. While convenient, it is commonly mistaken for a safe and secure method of sharing PHI/ePHI.