If you work in a pharmacy, health insurance company, hospital, or other medical practice, you know about HIPAA. The Health Insurance Portability and Accountability Act of 1996 obligates healthcare providers and business associates (those who work in and around healthcare environments, like IT administrators) to safeguard the privacy and integrity of the personal health information, or PHI, of patients.
The HIPAA statute is made up of a variety of rules that provide national standards in protecting and securing patients’ PHI and other identifiable health-related data.
It can, yes. For example, call recordings between doctors and patients can discuss a patient’s health details. Voicemails left by patients at the doctor’s office can have specific details regarding medical procedures. And faxes to a pharmacy can have a patient’s name and birthdate connected to specific prescription medications. That’s why it’s important to properly secure voicemails, SMS messages, and other phone call related recordings if you work in a doctor’s office, dental practice, or other medical-related field.
The HIPAA statute defines a variety of procedures for when breaches of PHI occur. And besides law-defined penalties for non-compliance, there are also reputational repercussions to your organization that must be considered.
1. Share phone numbers, recordings, menus, and more across multiple locations.
Cloud communications can bring multiple sites under one shared administrative account. This not only saves money previously spent on individual phone lines, but also lets users dial any phone as an in-network extension, with call handling functions such as hold and transfer.
2. Pool personnel across multiple locations to reduce calls on hold and provide foreign language assistance.
With system-wide call queuing, multi-site practices or insurance companies can pool office staff in every location to answer all incoming calls to a main number, reducing patient wait times. Organizations can also leverage, for example, the Spanish-speaking staffer in one location to handle Spanish-speaking callers to all other sites.
3. Make and receive calls with professional caller ID from any phone or location.
Many cloud phone system providers offer softphone applications that run on a computer or smartphone. These apps allow users to access the phone system remotely, so doctors can answer work calls and view inbound caller ID information, no matter where they are. They can also easily transfer calls to colleagues. When they need to make a work call, their outbound caller ID will display the office phone number, a favorite feature for on-call staff who may be away from the practice and carry only their personal phone.
4. See who's available across the organization to receive transferred calls.
With a clear view of coworkers' availability—available on many VoIP services—users can avoid transferring patients' calls to unattended extensions or voicemail, averting frustration. When staff are there to answer, patients can be transferred from lab results to follow-up scheduling or refill requests, accomplishing more with each call.
5. Video calling can extend physician reach to underserved areas and workplaces.
If a cloud phone service includes video calling, practitioners can leverage this richer medium for better informed (and more billable) consultations. These calls can support telehealth visits and remote medical device readings, extending clinicians’ reach into underserved areas.
6. Video calling aids and encourages use of online patient portals.
Since voice and video sessions can be provided through a web browser, video chat can be embedded in an online patient portal. Being able to see the medical assistant, say, answering questions, may encourage more patients to sign up for these increasingly popular portals. By logging into a secure website, patients can access personal information as well as view lab results, send secure messages to doctors, track immunization records, and schedule appointments.
7. Easily retrieve voicemails and other call recordings.
Many hosted VoIP services offer call recording, which is gaining use in healthcare settings for a variety of reasons, from documenting remote visits, to training employees, to protection from spurious malpractice suits. As a digital file containing individually identifiable health info, these recordings require encryption in transit and at rest. With a VoIP service used in a HIPAA-compliant way and proper policy enforcement, these recordings can be securely shared among other members of the practice group. (Of course, the practice should confirm whether consent to record is required under state law.)
All of the previous information is intended to help medical and dental practices take advantage of the power and flexibility of hosted VoIP phone service while keeping HIPAA requirements in mind. However, healthcare providers need to remember that they are ultimately responsible for complying with HIPAA. Even the most secure technology can be used in an insecure way that creates a potential HIPAA violation. This is why training all employees who handle PHI is so important.
At the end of the day, healthcare organizations must recognize that HIPAA compliance is only one part technology. Policy establishment and documentation, training, and enforcement make up the other parts. Oral, paper, and digital media storage strategies and messaging must be thoroughly considered.