HIPAA Compliant Answering Services and the Law

Sep 1, 2015 | Healthcare

As a medical professional, you need to stay up to date on the latest privacy laws, because they can have a huge impact on your practice. There are several issues concerning privacy, and some of them can be taken care of when you choose HIPAA compliant answering services. Here are some things to know about HIPAA compliance and choosing the right HIPAA compliant answering service.

Defining “Breach”
After the final OMNIBUS rule became effective, the definition of “breach of privacy” changed. Before the rule, a breach meant revealing protected health information (sometimes referred to as PHI) which included zip code or birthday details. In other words, if these items were not in the material, then it was not officially a breach of privacy. However, after the OMNIBUS final rule, all breaches of information are to be treated the same, so there are no exceptions.

Breach Notification Laws
Did you know you must notify the proper authorities and the patients involved if your practice has accidentally released personal information about your patients? This also includes information obtained by illegal hacking. Before these laws came into effect, it was up to the entity responsible to decide whether this info should be made public. Now, this is not the case.

Even if you are using HIPAA compliant answering services, you should have an excellent plan for risk management in place and also the services of a trusted attorney. Effective risk management programs for medical professionals should include answering services which are safe, secure, and comply with all the privacy laws.

Risk Assessment
Risk assessment and management are essential to any business, especially for medical professionals. In fact, if your practice is guilty of releasing private health information, you must follow the law, which includes a risk assessment covering these things:

• The event which led to the breach of info must be described in detail. This must also include the likelihood of reoccurrence.
• You also have to mention which parties received the unauthorized information (if this is known).
• The report must say if the information was actually seen by the individuals involved.
• You need to mention just how serious the risk is.

Agreements with Associates
Everyone you do business with (who may come in contact with personal information) must understand that they cannot sell personal information, and they must be made aware of patients’ rights. You need to be sure your agreement language is up to date. There are many things to consider when it comes to patients’ rights to privacy, and when you choose HIPAA compliant answering services from No More Phone Tag, your job is less complicated.
