How To Tell If Your Medical Answering Service Is HIPAA Compliant
Hiring a medical answering service is the best way to keep your patients up to date during all hours of the day and night. However, using a service that fails to follow the HIPAA guidelines to protect patient data from being intercepted could leave you on the hook for paying thousands of dollars in fees and fines. Double-check that the HIPAA-certified service you are hiring conforms to the current rules with these simple tests.
Ask About Training
How often do employees at the answering service complete refresher and update courses to keep them knowledgeable on the intricacies of HIPAA law? Check into the thoroughness of the courses the company uses for its employees too. Seminars that last multiple days and include tests to measure the knowledge of the participants offer a lot more reassurance than two-hour informal discussions held infrequently.
Watch Out for Alphanumeric Paging
Alpha and numeric paging systems were commonly used for forwarding patient data in off-hours prior to the development of HIPAA. Unfortunately, these codes still include too much information that could be used to identify the patient. Paging systems are also woefully insecure and prone to snooping from unsavory third parties, so skip any medical answering system that still uses paging.
Use Secure Messaging
So if you can't rely on paging for picking up important info from your answering service, what can you use for communications? Instead, look for secure, well-tested encrypted text messaging or email systems that run on their own carefully developed applications. Multiple layers of encryption keep outsiders from stealing patient information even if they get hold of the messages. Remember that text messages and emails can still be stolen after you receive them on your work device, so make sure you're still practicing HIPAA compliance on your end with the information you receive.
Check Physical Security
All the digital security in the world can't protect the medical answering service from basic breaches. If a stranger can stroll into the office and start opening up computers and files to steal information, your HIPAA-compliant provider could still cost you a lot in fines. Ask the service about physical safety precautions like:
- Locked file cabinets
- Password-protected computers that lock out users when the device sits idle for a few minutes
- Multiple layers of encryption for all internal emails and messages, even if they don't contain client information
- Monitoring and ID card systems to limit unauthorized access to the areas where patient information is stored