What is HIPAA?
The Health Insurance Portability and Accountability Act provides measures for protecting medical information.
This federal law requires that all organizations or persons working in the health care industry and those who have access to protected health information (PHI) comply with federal privacy and security regulations.
Privacy regulations apply to all persons having access to PHI, while security regulations apply to those handling electronic protected health information. This includes health care providers, mental health providers, dentists, pharmacies, insurance providers and their employees and business associates.
Why is the Health Insurance Portability and Accountability Act important?
HIPAA was enacted to protect patient privacy. It allows patients to designate who may be allowed access to medical records and to obtain copies of those records. It also imposes civil and criminal penalties on any individual or organization in violation of its policies.
HIPAA impact on organizations
Organizations must undergo three steps to receive HIPAA certification:
- All employees who may have access to protected or identifiable health information must undergo HIPAA Awareness Training.
- To protect and secure protected or individually identifiable health information, an organization must administer electronic controls and formal documentation.
- Organizations must assign and train a HIPAA compliance officer to oversee adherence to federal regulations.
What is the HITECH Act?
The Health Information Technology for Economic and Clinical Health Act was signed into law in 2009. This act was created to encourage the use of electronic health records (EHR) and to strengthen the HIPAA Security Rule. To safeguard protected health information, the Security Rule establishes policies and procedures that must be adopted by any organization or individual having electronic access to this information. It requires the following:
- All health information must be made indecipherable, either by encryption or other methods.
- All organizations and individuals working on behalf of covered entities (business associates) are subject to the same privacy and security rules as providers.
According to the HITECH Act, business associates are required to comply with all regulations contained in the HIPAA Privacy and Security Rules. Civil and criminal penalties for violation of these requirements extend to all business associates.
What is a business associate?
According to HIPAA, an associate is any individual or organization that performs a function or activity on behalf of a covered entity. Examples of services provided by a business associate include administration, quality assurance, billing, practice management, consulting and numerous others.
Any individual or organization requiring the disclosure or distribution of protected health information is considered a business associate.
Because we provide answering service to clients in the medical, home health care and hospice industries, Centratel is required to comply with HIPAA rules and regulations. To safeguard patient information, Centratel Answering Service has taken extensive precautions to ensure that all information is kept secure. To maintain this level of security we employ the following:
- Confidentiality and security training for all staff members
- Secure text messaging
- Encrypted email
- Secure web portal
- Medical information is kept secure and out of view of all passersby
Centratel is aware of all privacy and security rules and regulations and offers HIPAA-compliant options to our clients. As the highest quality telephone answering service in the United States, we are committed to providing the utmost privacy and security for the clients and providers we serve.