The healthcare industry is heavily regulated, requiring compliance to laws that protect patient medical records and other personal information. Enacted in 1996, HIPAA (Health Insurance Portability and Accountability Act) requires data privacy and security provisions for safeguarding medical information. These regulations apply to health plans, insurance companies, governmental health programs, doctors, hospitals and many other healthcare professionals.
Specifically, the Privacy Rule stipulates that organizations must:
- Notify patients about their privacy rights and how their information can be used.
- Adopt and implement privacy procedures.
- Train employees so that they understand the privacy procedures.
- Secure patient records containing individually identifiable health information so that they are not readily available to those who do not need access and/or are not authorized to view them.
HIPAA protects all ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, whether electronic, paper, or oral. The Privacy Rule calls this protected health information (PHI).
Examples of this type of personal information can include name, address, birth data, social security number, medical history, medical diagnosis, email addresses, phone numbers, dates directly related to an individual, account numbers, health insurance beneficiary numbers, certificate/license numbers and more.
Whether your staff is interacting with patients/customers via landline or mobile telephone, VoIP or chat (e.g. Skype for Business), all of your interactions should be recorded, encrypted and stored securely in case of a dispute or potential regulatory infraction. Compliance call recording solutions can capture all interactions and allow managers and quality specialists to review the recordings to assess agent compliance. When infractions do occur, managers can work with agents to correct the situation so that it doesn’t happen again.
What’s more, call recording systems with masking, muting, encryption and playback permission restrictions further help ensure any sensitive information that is exchanged during the interaction is not stored on the recording. After all, penalties start at $100 per infraction but can go as high as $250,000 and can include 10 years of prison time.