Is HIPAA Compliance Enough?

In the healthcare industry, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is well-known. As a healthcare organization, HIPAA defines you as a covered entity (CE). Furthermore, your answering service functions as your business associate (BA). To meet your HIPAA responsibilities as a CE, it’s critical that your answering service meets the requirements as your BA.

In short, your answering service must be HIPAA compliant. But is that enough?

More Than Periodic Training

HIPAA regulations require that you and your answering service undergo regular HIPAA training. However, they don’t define how often is enough or what this training should entail. Many organizations have taken it upon themselves to assume that annual HIPAA training is adequate to meet this mandate. This sounds reasonable, but is that enough?

Advanced medical answering services go beyond the requirements of HIPAA. This includes their HIPAA education process. In addition to training new employees on HIPAA, these forward-thinking answering services go beyond the accepted norm of annual training. Instead, they conduct quarterly HIPAA reviews with all employees.

This ensures that all their staff is aware of any recent developments when it comes to HIPAA compliance. It also provides timely reinforcement of what HIPAA entails and expects. Without these regular reminders, it’s too easy for otherwise well-intended employees to lose sight of the critical mandates required by HIPAA.

Business Associate Agreement Contract Confirms HIPAA Compliance

Another HIPAA best practice is to provide a business associate agreement contract. This lays out, in legal terms, the steps your answering service will take to ensure that it is HIPAA compliant. Having an executed HIPAA business associate agreement in place also offers healthcare providers a degree of legal protection for any HIPAA errors that may occur with their answering service.

Only the best medical answering services have the confidence to commit in writing what they will do to adhere to HIPAA regulations. This proves they have the best interest of their clients and their clients’ patients in mind.

Additional Security Measures That Exceed HIPAA Compliance

HIPAA regulations also address the security of information, specifically protected health information (PHI). This covers patient data as it’s transmitted and as it’s stored. For many answering services, these requirements demand extraordinary effort and may seem excessive.

However, for leading medical answering services, these HIPAA stipulations to safeguard patient information are common sense. In addition, they go beyond the expectations of HIPAA to provide enhanced data security protection that surpasses what most in the industry offer.


As a healthcare provider, it’s critical that you take HIPAA seriously. You know this, and you do this. It’s equally critical that your answering service take HIPAA just as seriously—because you’re on the hook if they don’t.

Even better is selecting an answering service that exceeds the mandates of HIPAA compliance and is 100 percent focused on healthcare.

Learn how the medical answering service from MedConnectUSA can help your practice, clinic, or facility. Then get a free quote to discover how affordable their healthcare communication services are.

Peter Lyle DeHaan is a freelance writer and call center authority.