HIPAA Compliance for Medical Practices
70.8K views | +3 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

8 Ways HIPAA Compliant Cloud Phone Systems Help Healthcare

8 Ways HIPAA Compliant Cloud Phone Systems Help Healthcare | HIPAA Compliance for Medical Practices | Scoop.it

If you work in a pharmacy, insurance company, hospital, or any kind of healthcare practice, you know about HIPAA. The Health Insurance Portability and Accountability Act of 1996obligates all healthcare providers or payers to safeguard the privacy and integrity of the personal health information, or PHI, of patients. You also know that it's about much more than securing digital data files: It's what obligates the pharmacy technician to ask customers in line to step back from the pickup counter; it's what requires hard copy patient records to be kept out of reach of unauthorized personnel.

 

Also under HIPAA's umbrella? Telephone usage.

As with oral or written information, compliance in digital voice and video is achieved through a combination of technology tools and proper practices. When you store it, (think voicemails, recorded calls) digital voice puts the "e" in ePHI (electronic personal health information) where HIPAA's more stringent security (as opposed to privacy) rules apply. Here, it's important not just to keep patient information from unauthorized persons; it's important to ensure such data is locked down or encrypted in such a way that it can't be accessed or changed.

It's no small chore to establish HIPAA compliance; that's why few hosted VoIP providers have performed the required policy and procedure improvements, documentation, employee training, ongoing monitoring, and physical security audits. Some, however—including OnSIP—have taken this step. By being certified to sign the Business Associate Agreements that HIPAA requires, providers assure customers that they take on responsibility for compliance as regards their voice and video platform. In the process, they extend to healthcare the considerable benefits of cloud communications that non-regulated industries have enjoyed for years.

 

Here are eight examples of how a healthcare practice can benefit from an HIPAA-compliant cloud phone system:

1. Share phone numbers, recordings, menus, and more across multiple locations.

Cloud communications can bring multiple sites under one shared administrative account. This not only saves money previously spent on individual phone lines, but also lets users dial any phone as a in-network extension, with call handling functions such as hold and transfer. OnSIP's network-wide encryption ensures that such calls cannot be tapped at any point on the IP network. (For a good example of how this works, see how Open Arms Treatment Center unified multiple office locations.)

2. Pool personnel across multiple locations to reduce calls on hold and provide foreign language assistance.

With system-wide call queuing, multi-site practices or insurance companies can pool office staff in every location to answer all incoming calls to a main number, reducing patient wait times. If they want to respond even faster, they can even recruit home-based workers. These remote staff can use personal computers or phones as extensions on the network. Organizations can also leverage, for example, the Spanish-speaking staffer in one location to handle Spanish-speaking callers to all other sites.

3. Provide staff with EHRs and patient information from PMS apps upon incoming calls.

Just as cloud phone systems are easily integrated with business CRM software to pop customer information on customer service agent screens, an integration with a PMS can pop patient info, saving office staff time in making appointments or handling insurance claims. Such integrations also makes it easier to dial out to patients, by enabling click-to-dial functionality on a computer. It further helps ensure that patients are reached through the numbers they requested to receive calls—as required by HIPAA—since it is easy to embed those clickable numbers prominently on their records.

4. Make and receive calls with professional caller ID from any phone or location.

Many cloud phone system providers offer softphone applications that run on a computer or smartphone. These apps allow users to access the phone system remotely, so doctors can answer work calls and view inbound caller ID information, no matter where they are. They can also easily transfer calls colleagues. When they need to make a work call, their outbound caller ID will display the office phone number, a favorite feature for on-call staff who may be away from the practice and carry only their personal phone.

5. See who's available across the organization to receive transferred calls.

With a clear view of coworkers' availability—available on some services—users can avoid transferring patients' calls to unattended extensions or voicemail, averting frustration. When staff are there to answer, patients can be transferred from lab results to follow-up scheduling or refill requests, accomplishing more with each call.

6. Video calling can extend physician reach to underserved areas and workplaces.

While patients are by now well acquainted with video calling, the Skype and Facetime appsthey use are not HIPAA compliant. If a HIPAA-certified cloud phone service includes video calling, practitioners can leverage this richer medium for better informed (and more billable) consultations. These calls can support technician-assisted telehealth visits and remote medical device readings, extending clinicians’ reach into underserved areas. Technician-assisted medical kiosks, equipped with video calling and devices such as digital stethoscopes and blood-pressure monitors, have been installed in workplaces to encourage employees to take better care of their health.

7. Video calling aids and encourages use of online patient portals.

Since voice and video sessions can be provided through a web browser, video chat can be embedded in an online patient portal. Being able to see the medical assistant, say, answering questions, may encourage more patients to sign up for these increasingly popular portals. By logging into a secure website, patients can access personal information as well as view lab results, send secure messages to doctors, track immunization records, and schedule appointments.

8. Easily retrieve voicemails and other call recordings attached to EHRs and PMRs.

Many hosted VoIP services offer call recording, which is gaining use in healthcare settingsfor a variety of reasons, from documenting remote visits, to training employees, to protection from spurious malpractice suits. As a digital file containing individually identifiable health info, these recordings require encryption in transit and at rest. With a HIPAA-certified cloud service and proper policy enforcement, these recordings can be securely shared among other members of the practice group, or attached to a patient record in a similarly secured practice management or EHR system.

 

At the end of the day, healthcare organizations must recognize that HIPAA compliance is only one part technology. Policy establishment and documentation, training, and enforcement make up the other parts. Oral, paper, and digital media, storage strategy and messaging must be thoroughly considered.

 

If you’re considering a cloud phone system for your office or practice, a good place to start is by reviewing HIPAA’s privacy and security rules. Since at least 11 states add more stringent patient protections to the ones imposed federally, their rules must be reviewed as well. For this, we recommend Health Information & the Law, a project of the George Washington University's Hirsh Health Law and Policy Program and the Robert Wood Johnson Foundation. If you provide medical care, you should consult a lawyer familiar with your state’s health privacy laws. Finally, you should also commission a third-party auditor to determine what parts you may be missing before implementing a cloud-based communications solution.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Scoop.it!

You Have an EHR- But are you HIPAA Compliant?

You Have an EHR- But are you HIPAA Compliant? | HIPAA Compliance for Medical Practices | Scoop.it

Adopting an EHR platform is an important step into the digital age, but are you protecting your behavioral health practice with HIPAA compliance?

For many behavioral health practices, choosing an EHR–or electronic health records–platform has been becoming more pressing. National conversations about health data moving away from paper files have been growing since the HITECH Act was first passed in 2009.

Many EHR platforms advertise that their services are HIPAA compliant. This is an excellent measure that should be used to judge the safety and integrity of the data being stored in the EHR system.

However, there is a major misconception surrounding the use of HIPAA-compliant EHR systems and having a HIPAA-compliant behavioral health practice.

It’s important to remember that just because you use a HIPAA-compliant EHR vendor, it does not mean that your practice is in any way HIPAA compliant.

What Does HIPAA Compliance Require?

HIPAA compliance for behavioral health specialists includes an extensive series of privacy and security standards as outlined by federal HIPAA regulation. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has strict guidelines, which health care providers must adhere to in order to be HIPAA compliant.

Some of these requirements include:

  • Self-Audits – HIPAA requires you to conduct annual audits of your practice to assess Administrative, Technical, and Physical gaps in compliance with HIPAA Privacy and Security standards.
  • Remediation Plans – Once you’ve identified gaps, you must implement remediation plans to reverse compliance violations.
  • Policies, Procedures, Employee Training – To avoid compliance violations in the future, you’ll need to develop Policies and Procedures corresponding to HIPAA regulatory standards. Annual staff training on these Policies and Procedures is required.
  • Documentation – Your practice document efforts you take to become HIPAA compliant. This documentation is critical during a HIPAA investigation with HHS.
  • Business Associate Management – You must document all vendors with whom you share protected health information (PHI), and execute Business Associate Agreements to ensure PHI is handled securely and mitigate liability.
  • Incident Management – If your practice has a data breach, you must have a process to document the breach and notify patients that their data has been compromised.

Once again, the importance of having a HIPAA-compliant EHR system is invaluable–especially in the age of Meaningful Use incentives and federal guidance moving away from paper records. It’s essential that you adopt a complete HIPAA compliance solution in your practice in order to fully prevent against the data breaches and OCR fines that are growing year-by-year.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.