Too many answering services put their healthcare clients at risk when it comes to following HIPAA (Health Insurance Portability and Accountability Act of 1996) guidelines. Some aren’t aware of HIPAA, others assume it doesn’t apply to them, and more than a few think they can take shortcuts and not get caught. But it’s not only their business they’re putting at risk, it’s also yours. If you are a healthcare organization, HIPAA defines you as a CE (covered entity) and your answering service as a BA (business associate). As a CE you are responsible for your BA complying with HIPAA regulations.
With so much at risk, you can’t afford to take chances. Ask these questions about your answering service.
Does Your Answering Service Know About HIPAA Guidelines?
The first thing is to check your answering service’s website, and see what they say about HIPAA compliance. If they don’t mention HIPAA, that’s a red flag. Ask them what they’ve done to implement HIPAA regulations. If they don’t know what you’re talking about or give vague answers, they’ll likely put you and your organization at risk. Don’t use their services.
Does Your Answering Service Have a Working Knowledge of HIPAA Guidelines?
Next, evaluate the comprehensiveness of what they say about HIPAA. Do they grasp what HIPAA entails and understand what they must do to comply with it? Though knowledge doesn’t equate to compliance, it’s a great start. Ask them for specific examples of the steps they take.
Does Your Answering Service Meet HIPAA Guidelines?
HIPAA compliance should start with staff training of HIPAA regulations. This must occur regularly, and they should be able to provide documentation that training of all staff occurred. Also, ask what steps they take to protect your patients’ PHI (protected health information), both for transmission and storage. Storage of data goes beyond their servers, to include cloud-based backups and off-site archival copies. All forms of storage must comply.
Does Your Answering Service Exceed HIPAA Guidelines?
Reputable medical answering services have taken these comprehensive steps to comply with HIPAA regulations. However, the best ones have gone beyond meeting their legal requirements and exceed HIPAA mandates. If so, that’s a huge bonus for your organization.
Does Your Answering Service Provide a Business Associate Agreement?
A business associate agreement (BAA) is a legal document that satisfies HIPAA regulations. It establishes the obligations and responsibilities of both parties, the CE and the BA. Never allow an answering service to handle any of your calls—specifically those that contain PHI—until they have executed a BAA. The fines can go as high as $50,000 per violation or per record.
Conclusion
Your practice, clinic, or healthcare center should take HIPAA seriously. Equally important is to only do business with a medical answering service that takes it just as seriously.
Learn how medical answering service from MedConnectUSA can help your practice, clinic, or facility. Then get a free quote to discover how affordable their healthcare communication services are. Peter Lyle DeHaan is a freelance writer and call center authority.