HIPAA compliance

What Constitutes HIPAA Compliance for a Medical Answering Service?

Updated post for 20 July 2020

Working in the medical field can be rewarding as well as challenging. One of the responsibilities of medical staff is ensuring the protection of patient information. Securing personal health information (PHI) is one of the most critical aspects of the medical field, and it is incredibly important for any Business Associate with access to patient information is properly trained and vetted to ensure they are HIPAA compliant.

What Does HIPAA Compliant Mean?

HIPAA refers to the Health Insurance Portability and Accountability Act. This legislation was passed in 1996 by Congress, and it focuses on setting industry-wide standards in the medical field, affording protections to patients and their families. These standards protect both health and medical information because of the strict criteria for maintaining patient confidentiality.

HIPAA compliance refers to the standards and safeguards put in place by any health organization and its’ associated staff, companies, business partners and any other technology integrated with patient PHI. These safeguards include network and system security measures as well as personal and professional guidelines that protect PHI.

What are the Three Types of Safeguards?

There are three different types of safeguards necessary for HIPAA compliance: administrative, technical, and physical. Administrative safety measures include proper training on policies and procedures as well as ensuring the other two safeguard procedures are carried out correctly. Many organizations now employ a HIPAA Compliance Officer to provide further oversight of this important responsibility.

Physical safeguards refer to the physical information and the structure that houses it. Making sure office entry points are secured is the easiest level of compliance you can implement. Having a multi-level security system in place is required to prevent unauthorized individuals from entering a HIPAA compliant environment. (ex: unique key fobs, cameras, etc)   Have you ever been at your doctor’s reception area and seen office staff write down sensitive information on “scrap” paper? This is common, and may not be malicious, but still a breach of HIPAA guidelines. Another form of physical safeguards includes access to areas of your organization where electronic equipment is housed. Only authorized employees should have access to these areas of your company.

Since HIPAA was adopted in 1996, the ways in which we do business (and interact with PHI) have changed dramatically. Technical safeguards are necessary to prevent a data breach of PHI. While no organization can claim to be 100% technologically secure, the technical measures put in place have us all operating from the same standard. Technology is highly vulnerable to lose or theft and our PHI is targeted in many ways, for many reasons. When interacting with technology, the easiest level of compliance discusses having unique usernames/ passwords for each employees’ access to PHI and systems managing PHI.

What is Considered a Breach of HIPAA?

As stated in HIPAA section 164.402, a breach is defined as “The acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.”

How Do You Maintain HIPAA Compliance?

Maintaining HIPAA compliance means conducting extensive training for employees, to ensure they understand both the specific guidelines of HIPAA as well as the importance of preserving and protecting patient health information (PHI). At Anserve, extensive training is given to our employees before they even answer a call, and their training is updated annually to ensure all are in full compliance with HIPAA regulations.

  • Anserve offices maintain keyless entry
  • Our building and offices are recorded by camera 24×7
  • Employees have unique entry
  • Certain office areas are for “Authorized Employees”
  • Terminals have unique sign-on
  • Cell phones are restricted
  • Encrypted messaging is available
  • Anserve enters into Business Associate Agreements
  • Anserve employs automatic logoff technology
  • Anserve integrates with 3rd party messaging
  • Anserve employs a HIPAA Compliance Officer
  • We provide privacy screens on computers
  • Anserve partners with a Colocation for added measures
  • Our servers exceed HIPAA requirements
  • Each employee is required to pass HIPAA compliant certification

What is a Medical Answering Service?

Anserve’s Medical answering service is a 24×7 call center and answering service that will answer calls, take messages, and assist callers when the medical facility is closed, short-staffed, or out of the office. In addition to answering services, Anserve can also offer many other services to the medical community, such as telehealth and appointment services. Anserve provides support around the clock with bilingual and multilingual, HIPAA-compliant, agents.

In order to keep our HIPAA compliant medical answering service status, we partner with each of our clients to ensure we follow their procedures to meet regulations. We make sure to provide all the necessary documentation and safety procedures we need to be a HIPAA compliant medical answering service. We have the security measures in place to ensure your calls and communications are HIPAA compliant preventing expensive violations of HIPAA compliance. This includes compliance with audits and internal procedures that we strictly adhere to. We use secure encryption whenever we document, send, or store personal health information. We avoid email and provide access to secure web portals for access to personal health information. We also use secure encryption when using mobile devices.

How Much Does a Medical Answering Service Cost?

Another way of addressing this question is, How much money will using a call center or answering service save my organization? Fees for this type of service vary depending on who you’re sourcing from, what types of services your organization is in need of and how busy your office is. Anserve provides services for (i) startup offices needing a more-established perception (ii) startup offices in need of phone support (iii) organizations needing live answering without extending office staff hours (iv) organizations preferring to receive transcribed messages instead of listening/ understanding myriad of voicemails.

A Call Center is a complicated business. Do not mistake it for an added responsibility your Office Manager can attend to.

Using Anserve, you’ve partnered with an organization with over 50yrs experience. In doing so, you’ve quickly scaled your human resources, ensured your incoming calls are answered at the first ring and extracted the highest of quality information from each caller. Conversely, if you prefer to do this with in-house staff, you will have to manage a full-scale hiring process, extend your use of HIPAA-compliant technology, take-on compensation packages, add management oversight for your staff and pay attention to employee burnout…for starters.

Anserve will offer a Business Associates Agreement (BAA) to any Covered Entity and/or will comply with any BAA offered by the Covered Entity.