The complexity of today’s health care systems requires increased use of technology for communication. The electronic health record (EHR) is quickly replacing paper-based systems, including those of home healthcare agencies. Indeed, as your agency expands to meet the needs of the aging population, the need for sophisticated communication grows with it.
Assuring Client to Cloud Compliance
HIPAA has specific regulations regarding protected health information (PHI). These define what is protected and who is permitted to have that information. This includes whom a patient has, and has not, designated as being privy to their health status and needs.
Then there are the complicated aspects of PHI that is stored electronically (ePHI), and with that, the question of how privacy is maintained when using multiple forms of technology. This is where your relationship with your home healthcare agency’s answering service comes in.
An answering service is unlikely to access ePHI from a cloud service. It does, however, have responsibility for securing any PHI transmitted electronically. An example is a text message to a nurse with a patient’s question about a medication.
Keeping Communication HIPAA Compliant
Your agency has hired an answering service to assure that your staff and patients can have timely communication. It is equally important that privacy is maintained. This includes two overarching levels of responsibility:
- As a healthcare agency, you are the covered entity (CE) according to HIPAA rules. This means you have the primary responsibility of assuring that staff functions and business agreements comply with HIPAA.
- Your agency contracts with other businesses to fulfill various work functions, some of them administrative. HIPAA requires that agreements be made with these entities, which are classified as business associates (BA).
- One of these business associates is your answering service. The BA assumes a second level of responsibility, assuring that HIPAA-related requirements are in place.
Indicators of a HIPAA Compliant Answering Service
There are practices and factors that indicate an answering service is HIPAA compliant. This is information that both the BA and you as the HIPAA CE retain on file:
- Security and confidentiality training for all employees
- Text messaging is secure, including encryption for PHI
- Web portal security
- PHI is thoroughly secure and protected from view or access
- Passwords associated with access to PHI are securely managed
- Periodic risk analysis is assured and documented to conform with HIPAA updates
In our next article about HIPAA compliance, we’ll delve into the specifics of a home healthcare agency’s relationship with business associates. Following that we’ll explore the use of a HIPAA compliance checklist to aid with risk analysis.