This is part two in a two-part series. You can read part one here.
In part one of this series, we discussed how to find a medical answering service that will provide excellent customer care, but we have yet to address your patients’ data security. HIPAA compliance is just as vital to your success with a medical answering service as customer service.
Your Medical Answering Service Partnership
Many doctors and medical professionals are unaware that by hiring a medical answering service, they’ve created a type of partnership. In fact, under HIPAA, your answering service is considered a HIPAA Business Associate, which means that they have to follow all the same rules that you do with regard to privacy protection. It also means that any mishandling of patient data by your answering service may be your responsibility in part or in full.
The penalties for violating HIPAA can be stiff. Even if you had no idea you were violating HIPAA, as in a situation where your business associate left some data unsecured and hid it from you, the maximum penalty can be up to $50,000 per violation. That’s why it’s so important to ask a lot of questions and plan a visit to your top five medical answering service candidates.
Finding a HIPAA-Compliant Business Partner
Once you’ve eliminated the medical answering services that don’t provide the type of customer service you need, it’s time to get down to the nitty-gritty. This means another round of interviews and on-site visits to ensure that your future medical answering service is as serious about HIPAA as you are.
Asking your prospects about their data security, training and HIPAA-compliance procedures is a step in the right direction, but you need to go one step further and request a HIPAA audit report. It should include reports on essential services like OS patch management, antivirus software, firewall health and offsite backups.
How Are The Medical Answering Service Agents Trained?
In addition, you’ll want documentation of their training methods for medical answering service professionals. Do they teach data safety correctly and ensure that all employees maintain a HIPAA-compliant workplace? Are files kept in locked drawers and locked rooms with limited access?
Lastly, you should get a signed business agreement that meets the specifications of the current HIPAA laws. Your medical answering service must be willing to certify not only that they’re currently in compliance with HIPAA, but also that they will remain so as long as they provide services for your patients.