A major concern for private medical practices, dental practices, and other types of health clinics is keeping patient information confidential and in accordance with the Health Insurance Portability and Accountability Act. HIPAA was established to protect each patient’s privacy and to ensure that all patient files are secure and never shared with another party without the patient’s written consent. Call centers services can be tricky with these industries because it's unknown what's happening to any patient information that goes through the call center. Are they handling it appropriately, or are patients at risk? Is your call center HIPAA compliant? Here are a few ways to find out and determine compliance:
Call centers need to have the appropriate security measures in place to protect patient information. This includes up-to-date answering service technology (to protect against security breaches better) and a regular data backup plan. There needs to be enough procedures in place to ensure a patient's privacy and that information isn't accidentally shared or given to someone without the patient's permission. If you don't do the due diligence and find the right call center services, then you could be held liable in case anything happens to this information.
If you're unsure whether or not your call center services have enough security measures in place, take the time to ask about their data security and disaster recovery procedures. If there aren't any procedures in place, the the information is at risk for a breach, which could violate HIPAA if the right information has been compromised. It also means that something could happen and the provider might not know right away. Also ask about non-technical procedures, or implementing additional measures, such as adding a privacy statement to relevant faxes, shredding paperwork, or preventing someone walking by and getting a passing glance at information.
Your call center services provider might be compliant and may have an understanding of HIPAA, but those in the medical and dental industries should also make sure that the individual call center representatives are doing their part as well. This is more than just following company rules. Call center services that are HIPAA compliant would also be requiring their employees to attend training seminars and to stay up-to-date with any changes to the regulations. They also need to know how to handle your patients when on the phone with them, and how to handle any personal information they are given. Depending on the vendor, this may be your responsibility (most services customize to their clients, so you can request a certain protocol with your phone calls) or the vendor may take responsibility to send them to seminars or to do additional training.
Many call center services will monitor and record the calls for their employees, even if its just for quality assurance or employee evaluations. However, if they do record a call between an employee and a patient, it's important to make sure that the call center services handle the recording according to HIPAA rules. This could mean using software to change the voice or to hide the personal information within the recording as well as proper storage and disposal of the recording.
Since call center services serve as an extension of your business, it's possible that you can work with the call center services provider on HIPAA compliance. It's great if you can find a provider who specifically caters to the medical and dental industries and knows all about what needs to be done, but it's more likely that the provider would need some help from your end. If you're not sure if your current call center services are compliant, take the time to ask questions and to inform your provider of what needs to be done.