Do You Have to Comply with HIPAA?

What is HIPAA?

The goal of HIPAA and the Privacy Rule is to ensure that an individual's health information is properly protected, while allowing providers to communicate about pertinent records. Given that the health care marketplace is diverse, the rule is designed to be flexible and comprehensive to cover all scenarios. This includes keeping recorded files of communications that happen over the phone.

The HIPAA Rules Apply to Covered Entities and Business Associates

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, there must be a contract in place, and the business associate is directly liable for compliance with certain provisions of the HIPAA Rules (Summary).

In general, a business associate is a person or organization, other than a member of a covered entity's workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Business associate functions or activities on behalf of a covered entity include claims processing, data analysis, utilization review, and billing. Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services (Summary).

HIPAA Best Practices

  • Recording all interactions is truly best practice. Not only should all interactions be recorded, they should also be monitored frequently for compliance assurance.
  • Covered entity call centers and business associates should have maximum control over access to databases with PHI. SmartRecord® allows for that level of strict control.
  • Confidential information should be automatically masked or encrypted for security purposes, which is why SmartRecord® uses powerful encryption to protect patient information.
  • Enhanced analytics can be used to help automatically tag and categorize recordings based on events that occurred during the call. With SmartRecord® you can quickly locate recordings that require review.
  • If the covered entity or business associate accepts payment by credit or debit card, it is important to note that they are also required to comply with the Payment Card Industry Data Security Standard (PCI DSS). SmartRecord® also helps with PCI compliance.

"Summary of the HIPAA Privacy Rule." Summary of the HIPAA Privacy Rule. N.p., n.d. Web. 07 Oct. 2014.