Companies in or adjacent to the healthcare industry likely know about the necessity of protecting patient health information. The Health Insurance Portability and Accountability Act (HIPAA) provides federal requirements for keeping patient records confidential. It also includes some pretty severe monetary and legal consequences for individuals and organizations that don’t follow regulations.
It’s important to realize that outsourcing workflow doesn’t remove your responsibility for upholding requirements. Here’s what you need to know about selecting a call center vendor when you’re working with patient records.
What Processes Fall Under Purview?
To understand whether your call center needs to be compliant, first consider what services the call center vendor is providing. If the vendor will need to have access to any patient information to complete these services, then compliance is a must.
Some examples of call center tasks in or related to the healthcare field that involve patient information include:
- Answering, responding to or routing any type of patient call, whether it’s to assist with making an appointment or answer questions about bills
- Providing answering service assistance when offices are closed
- Seasonal or temporary call services to assist with initiatives such as blood drives
- Handling calls that aren’t patient facing but involve patient information, such as insurance concerns or calls from business or clinical partners
Why Choose a HIPAA-Compliant Call Center?
Ensuring your healthcare call center is compliant provides a number of business benefits for your organization, including:
- Keeping you out of legal trouble; violations perpetrated by your business partners can be held against you legally
- Reducing the risks of fines or sanctions; if your partners aren’t compliant, you could end up footing the bill for fines or lose the ability to bill federal payers such as Medicare and Medicaid
- Increasing the chance that patient information is held in confidence; rules are aimed at creating best practices to protect personal health information (PHI)
- Boosting patient confidence in your organization; when you can let patients know that you and all your business partners are compliant, they can trust that their information is as safe as you can make it
Questions to Ask to Ensure Compliance
So, how do you ensure you’re working with a HIPAA-compliant call center? First, ask. If the call center doesn’t know what HIPAA is or how to ensure it’s compliant, those are bad signs.
Second, consider asking these specific questions to find out if the call center is covering some of the basics.
- Are text communications encrypted? If the call center plans to transmit any information via text or SMS messages, it must use an encryption service to do so. That’s true even for call centers that provide answering services and must page or text physicians or other healthcare providers when necessary.
- What about email? Compliance requires the use of either S/MIME certificates or TLS encryption for email servers. Standard web-based email definitely doesn’t meet the requirements.
- What information is saved and how? Your call center should not typically be storing patient information on its own servers. Find out what information it needs to handle a task, how that information will be collected and transmitted, and how it will be deleted or disposed of once the task is handled.
You’ll also want to ensure that any call center vendor you work with trains its staff to remain compliant with requirements.