AnswerNow Guides How New HIPAA Regulations Impact Medical Answering Services

Transcription

1 How New HIPAA Regulations Impact

2 Recent updates to the Health Insurance Portability & Accountability Act of 1996 (known as HIPAA) have caused major waves throughout the healthcare and medical answering services industries. This update drastically strengthens privacy and security of Protected Health Information (PHI). PHI includes all information related to a patient s healthcare, including medical conditions, treatments and payments made for care. Basically, the new rule affects how patient information can be disseminated. For example, medical call center providers will no longer be able to send any patient related information through unsecured or unencrypted channels. When you dig deeper into the requirements, you can see the profound implications of this update. Why Are These Changes So Critical? Experts call the new rule the most sweeping change to HIPAA Privacy and Security Rules ever implemented. The update enhances patient privacy rights and protections, as well as bolsters the government s ability to enforce regulations with healthcare providers and their business associates. For answering services specifically, the new regulations are a big deal because they eliminate text messaging from the communications landscape if the messages contain PHI. communication is still allowed, however, all clients must have a secure TLS connection with their answering services in order to receive encrypted messages via . Digital messaging has proliferated across organizations and healthcare is no exception. In fact, many businesses depend on it. And few healthcare providers want to return to using archaic pagers, especially since there is no way to secure or encrypt information sent to an alphanumeric pager. As security rises to the forefront in an exploding digital age, HIPAA must take measures to increase protection and better control of PHI. The recent updates expand security requirements to business associates of healthcare organizations. In addition, the changes broaden the definition of what exactly constitutes a business associate.

3 Basically, a business associate is any contractor, subcontractor or vendor that receives PHI. As of the rule s September 23, 2013 compliance date, healthcare organizations must enter into privacy and security agreements with business associates and their subcontractors. This doesn t seem too challenging until you realize wireless carriers and Internet Service Providers (ISPs) are now considered business associates under the new rules. Because sensitive electronic PHI in the form of text messages and s may be stored on carrier or ISP servers, these entities must now comply with HIPAA regulations. Any individually-identifiable health information in electronic form must be secured when it is stored, maintained or transmitted. How Does This Affect My Answering Service? Because HIPAA rules consider messages via text or paging unsecure, answering services will not be able transmit messages containing PHI using these mediums. The only ways answering services can send these messages are through a secure web portal, over a telephone call or via a secure messaging application. To protect the privacy of patients and comply with current HIPAA regulations, answering services must do the following when transmitting electronic messages with PHI: Text Messaging - Delivery of messages containing patient information must now be encrypted. Because text messages are not stored on a secure server by cell phone carriers, current SMS (short message service) technology does not provide the necessary layer of protection to comply with the new standards. Therefore, answering services must offer a secure HIPAA messaging application compliant with the new changes. The application needs to provide several security features, including full point-to-point encryption and password protection. Using secure interfaces, answering services can transform mobile devices into reliable, HIPAA-compliant tools. Communication becomes seamless and the encrypted message content cannot be copied or sent outside the system.

4 By employing these secure applications, answering services and their healthcare clients can leverage the advantages of texting to accelerate internal communications and care coordination. They can improve their productivity, make decisions faster and improve the overall patient care they deliver. And, they ll remain compliant with all HIPAA requirements. Messaging - The new guidelines restrict answering services from sending any s containing protected health information without a secure network connection. To be fully compliant, medical call centers must provide secure website access for its healthcare clients. The secure site allows clients to view encrypted messages through a protected portal. TLS Connections - As a result of the stringent HIPAA updates, medical answering services should work with their clients to establish secure TLS connections. Short for Transport Layer Security, TLS is a data encryption protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. TLS ensures connections remain private and reliable. If medical answering services do not implement the above measures, HIPAA requires their wireless carriers and ISPs to comply. For example, when processing and storing patient s PHI, these business associates must provide secure servers, controlled access to the servers and server rooms, security training at least twice a year, and a completed Business Associate Agreement for themselves as well as any outside vendors who work on the carrier s infrastructure. How Outsourcing Assures HIPAA Compliance If you work with a highly qualified answering service, you can eliminate the hassle of ensuring business associate compliance. An experienced answering service will have intimate knowledge of the latest HIPAA requirement and have the technology, applications and processes in place to ensure your organization remains fully compliant. When you consider non-compliance penalties for a single violation can reach $1.5 million, the stakes are too high to trust your messaging to just any answering service. HIPAA rules are extremely complex and it s easier than you think to unintentionally violate them.

5 Since your organization might not have adequate internal resources to effectively carry out a compliance program, outsourcing to a proven HIPAA-compliant answering service makes good sense. A well-qualified answering service will be able to shine through any HIPAA audit. They ll be able to demonstrate how PHI is transmitted and where it s securely stored. With a HIPAA-compliant medical answering service, you don t need to rely on a wireless carrier to transmit PHI. For HIPAA compliance purposes, the carrier isn t considered a business associate. What should you look for in a medical answering service? A good candidate should: Demonstrate a thorough understanding of all HIPAA regulations Have a clean record free of any HIPAA violations Explain all compliance processes and activities Use secure and integrated messaging applications and technology that allow the same encryption, decryption and sender/receiver authentication as major financial websites In today s environment, few healthcare organizations have the necessary budget, in-house expertise, tools, technology or staff to operate a HIPAA-compliant answering service. Outsourcing eliminates the challenges and provides a wide range of benefits. In addition to maintaining HIPAA compliance, a top answering service will lower operational costs, facilitate patient satisfaction, boost patient revenue, access specialized expertise, increase flexibility and create more value overall for the organization.

6 Working with AnswerNow AnswerNow s dedicated healthcare team, works exclusively with medical providers, hospitals, healthcare facilities and other businesses in the healthcare field. Our team ensures the clients and patients of our healthcare customers receive excellent care and attention when they call. In addition, our healthcare processes and technologies are fully compliant with all HIPAA requirements. We understand you can t risk using an answering service that could compromise patient privacy or allow unauthorized access to medical records. Therefore, we communicate securely with clients using our secured web portal, phone lines and/or messaging applications. For example, AnswerNow has integrated TigerText, CellTrust and SmartPager secure messaging applications within our call center operation, in addition to utilizing the secure messaging application integrated with their call center platform SecureNow. These interfaces allow secure, HIPAA-compliant communications, even on mobile networks. By sending messages directly through these applications, we allow a seamless transition from your onsite processes to our afterhours coverage. Maintaining the same high standards of secure messaging as the client s office means patient information will be treated with a consistent level of protection and privacy 24/7. By integrating messaging applications, AnswerNow is able to offer you: Secure, real-time, text messaging -- even via mobile networks A constant level of security 24/7 -- during business and non-business hours Lowered risk of unauthorized access to medical records Full regulatory compliance, including the latest HIPAA updates Seamless transition from your onsite communications processes to our after-hours coverage In addition, AnswerNow establishes secure TLS (Transport Layer Security) connections with all of its clients. We guarantee privacy and data integrity between client/server applications communicating over the Internet.

7 The AnswerNowMD team has the required expertise, experience and ongoing training to manage the complexities involved in patient care. Specific medical call center services include: Call center outsourcing Co-sourcing Employment screening Voic response and prioritization Customer service Data entry Discharge and patient surveys Patient follow-up Bilingual (Spanish) and interpreter services HIPAA secure messaging 24-hour messaging with multi-channel message output Appointment scheduling Appointment reminder live and automated To learn more about how we can help ensure your HIPAA compliance, call for a custom quote or visit our website.