When evaluating a potential medical call center or answering service vendor, be sure that they can demonstrate how their operations will comply with HIPAA regulations.

Anyone in charge of the operations of a medical practice understands there are many tasks that need to be completed on a daily basis. With a healthcare practice, customer interaction is vital. Your patients want to speak with a representative even outside of normal office hours. Because of this, many offices consider utilizing an answering service to provide patients the level of personal contact they require. However, before you trust your important patient information to a medical call center, you want to make certain that the information will be protected. Not only do you want to do this as a service to your patients, but you are responsible for making certain that HIPAA privacy standards are upheld by the call center from which you contract services.

Learn more about the different ways a call center can follow these HIPAA guidelines so that you know what to expect when you contract with one of these organizations.

What are the Basic HIPAA Requirements?

The entire set of HIPAA privacy regulations is quite complex and as such outside the scope of a short blog. However, the basic layout of the requirements are as follows:

The goal of HIPAA is to protect the health information of patients. Protected health information relates directly to an individual’s past, current, or future medical care. This can include health care billing and payment information, as well as demographic information.

Patients have the right to decide how their health care information is used. Therefore a patient must sign a release of information before it can be shared outside of the doctor-patient setting. The reasoning behind this is that it will better control how patient medical records are managed.

Once the health care professional has information from a patient, they are required to follow certain guidelines to protect it. Wrongful disclosure or misuse of medical information is prohibited and could subject a medical professional to fines and/or imprisonment.

Because of the stringency of these guidelines, it is vital a doctor’s office only work with a call center that will keep the information just as secure as the practice itself.

Assessing a Potential Call Center for HIPAA-Compliance

There are a number of ways that the medical call center can keep patient information confidential. However, look for call centers that at the very least follows these simple guidelines:

Hires only screened professionals to work with sensitive data: This can prevent an inside information leak. Ask any prospective answering service provider what sort of screening process they have in place for agents that answer calls on behalf of healthcare providers.

This can prevent an inside information leak. Ask any prospective answering service provider what sort of screening process they have in place for agents that answer calls on behalf of healthcare providers. Follows a privacy policy: This can mean not accepting sensitive information over unsecured email or data connections. Changing the way data is shared can make a big difference in its overall security.

This can mean not accepting sensitive information over unsecured email or data connections. Changing the way data is shared can make a big difference in its overall security. Flexibility: Ensure the call center has the flexibility to work with your practice to develop customized procedures and policies that make sure your specific needs are met.

Ensure the call center has the flexibility to work with your practice to develop customized procedures and policies that make sure your specific needs are met. Data Encryption: Utilize encryption on computers, smartphones, and any other devices that house patient information. This can prevent information from leaking to a hacker or in a case of an accidental breach of the computer’s basic security system.

Utilize encryption on computers, smartphones, and any other devices that house patient information. This can prevent information from leaking to a hacker or in a case of an accidental breach of the computer’s basic security system. Regularly conducts security assessments: This ensures that the facility does not have any gaps in privacy services.

This ensures that the facility does not have any gaps in privacy services. Has a disaster recovery plan: Should a catastrophic event befall the call center, a properly conceived disaster recovery (DR) plan will ensure that all data pertaining to your business and your patients remains secure and can be restored and retrieved.

Should a catastrophic event befall the call center, a properly conceived disaster recovery (DR) plan will ensure that all data pertaining to your business and your patients remains secure and can be restored and retrieved. Call center management and staff receives on-going HIPAA training: Staying up-to-date on current practices and regulations requires an ongoing dedication to training.

Your medical call center provider is an important business partner that provides a critical service to your business - IT handle patient communications so that your staff can focus on patient treatment. Since so much patient information flows through the call center or answering service, it is every bit as important for the call center to be HIPAA compliant as it is for your internal team to be compliant. You should undertake a thorough review of a potential call center’s practices in order to be confident that your patients' information will be properly handled.

About Patricia Fox

Founder and President of Unicom Teleservices, an HIPAA Compliant Answering Service based in Chicago, IL. For almost 3 decades, Patricia has led Unicom to be a leading answering and call center service. She is proud that the average client has been with Unicom for over 10 years.

Patricia obtained her Master's Degree in Political Science and Government from Loyola University Chicago.