Many regulations and standards have been established to protect the security and privacy of consumer information. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established federal standards for the privacy of individuals' health information, whether oral, written, or electronic. While HIPAA was initially designed for health organizations, it was updated in 2013 to cover any entity that stores or transmits patient information on behalf of a health organization.
As a result of the 2013 update, a medical entity’s contact center platform must also meet HIPAA rules for the medical entity to be compliant. What are some of the requirements for a contact center to be considered HIPAA compliant?
THE HIPAA PRIVACY RULE
The first requirement for HIPAA compliance is the Privacy Rule, and its focus is on the disclosure of patient health information by the health entity. A medical contact center must provide proof that appropriate controls are in place to keep patient health information confidential and that employees are trained on how and when information can be disclosed.
THE HIPAA SECURITY RULE
The second requirement is the Security Rule, which provides administrative, physical, and technical safeguards for storing and protecting patient data.
- Administrative safeguards ensure that entities have security measures with appropriate training for workforce members.
- Physical safeguards must be in place to prevent unapproved access to facilities, workstations, and electronic media.
- Technical safeguards include measures to prevent unauthorized access to electronic data.
While the administrative and physical aspects are relatively straightforward, most medical entities do not have the expertise to implement technical safeguards.
WHAT TO LOOK FOR IN A CONTACT CENTER
A fully HIPAA-compliant contact center solution should provide the following features:
- User password protection and masking
- Detailed reporting of each system access
- Comprehensive data encryption of all personal health data
- A multitenant architecture that restricts access between tenants
- Secure storage with encryption of each interaction (call recordings, chat transcripts, etc.)
Without help, this can be overwhelming for a medical entity. Whether implementing a new contact center solution or migrating to a new one, medical entities should look to a Communication Service Provider that understands the intricacies of HIPAA and can provide an appropriate solution.