
HIPAA Contact Center Essentials

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its impacts are felt by Americans almost daily. From the HIPAA privacy notifications we receive from hospitals, doctors, dentists and others, to the lines we stand behind at the pharmacy counter to allow privacy for the person ahead of us, we frequently encounter HIPAA-initiated situations. While these are relatively minor inconveniences, HIPAA can have more significant implications for contact centers that routinely interact with protected health information (PHI).

Contact Centers Impacted by HIPAA

Any contact center, regardless of size, that has access to PHI must adhere to HIPAA regulations. This includes “covered entities” (health plans, healthcare clearinghouses and healthcare providers) such as hospital business offices as well as “business associates” (persons or organizations contracted by covered entities), like outsourced third-party debt collectors. It also includes benefit management companies, one- or two-person doctor’s office “contact centers,” and many others. The good news is that the Act recognizes “one size does not fit all” when it comes to volume of PHI or risk of exposure from one organization to another. To allow for these differences, the Act includes “flexible” and “scalable” standards; however, this does not mean that no standards apply.

HIPAA Guidelines

Contact centers working with or considering working with PHI should take time to understand applicable HIPAA requirements. Start with the two primary building blocks: the Privacy Rule (protecting personally identifiable health information) and the Security Rule (operationalizing the Privacy Rule – keeping PHI safe electronically, on paper and verbally). A summary of both rules is at www.hhs.gov/ocr/privacy/hipaa/understanding.

Here are some of the essentials from the Privacy Rule and Security Rule that contact center leaders should know:

  • Ensure responsibility for HIPAA compliance within your company. The Act requires that a Privacy Official and Security Official be designated; however, depending on the size of the organization, they may be the same person.
  • Address the three HIPAA areas of concern – administrative safeguards, physical safeguards and technical safeguards:
    • Administrative safeguards include managing access to PHI, HIPAA compliance training (for new employees and ongoing) and regularly evaluating all HIPAA security measures
    • Physical safeguards cover access controls to facilities, workstations and electronic media
  • When it comes to PHI, it is all about “minimum necessary.” PHI includes virtually all information, from patient names to medical procedures. The Act requires usage of the least amount of PHI to accomplish a task. Minimum necessary compliance should be monitored in the quality assurance (QA) process and modeled in conversations within the contact center.
  • HIPAA does not include a certification process. It is up to each organization to understand which HIPAA requirements apply to them and to be in compliance with those standards.

Final Thoughts

HIPAA compliance should not be taken lightly. Failure to adhere to HIPAA regulations can result in fines and, if violated with malicious intent, prison sentences. If your contact center is looking for assistance in becoming HIPAA compliant, please contact Jana Benetti at Jana.benetti@DMGConsult.com or 623-935-4111.

Ask the Experts

Question:
What is proactive customer care?

Answer:
DMG Consulting defines proactive customer care (PCC) as “a business strategy that makes the lives of consumers, partners, constituents or employees better and easier by addressing issues before a problem or need arises. PCC enables organizations to identify and pre-emptively address customer needs, and preventively avert customer difficulties by sending pertinent messages or other communications to customers and other interested parties who have opted to receive them, at the most advantageous time.” PCC facilitates multi-channel outreach that puts customer concerns at the forefront while driving desired business results…

DMG Consulting LLC is a leading independent research, advisory and consulting firm specializing in unified communications, contact centers, back-office and real-time analytics. Learn more at www.dmgconsult.com.