We have been talking a good deal lately, in our office meetings, about the new HIPAA “Omnibus” Rule and how it will affect the way we do business with medical professionals and facilities that handle Patient Health Information (PHI).

Stethoscope on medical recordsUnder the new rules, it is not just the medical professionals and facilities responsibility to comply with HIPAA standards. We, as the answering service, are also directly responsible for compliance. This means that any transmission of PHI, must be encrypted, on both sides.

Given the new standards, as a Business Associate (BA) of any Entity that handles PHI, a signed BA Agreement will be required by both sides. However, even with this agreement in place, these Entities are still required to prove due diligence, regarding the protection of PHI, when utilizing our service. Therefore, our inability to know, for certain, that the encrypted messages we send, will be received securely via email, text, or fax, rules out the continued use of those options. The new options for message delivery are limited to “talking over the phone” or *”secure messaging”. So, we will be launching the use of a secure messaging application in order to properly serve, and protect, the work we do with medical professionals and facilities relative to PHI.

The “compliance date” is September 22, 2013.

*Wikipedia defines Secure Messaging as: a server based approach to protect sensitive data when sent beyond the corporate borders and provides compliance with industry regulations such as HIPAA, GLBA and SOX. Advantages over classical secure e-Mail are that confidential and authenticated exchanges can be started immediately by any internet user worldwide since there is no requirement to install any software nor to obtain or to distribute cryptographic keys beforehand. Secure messages provide non-repudiation as the recipients (similar to online banking) are personally identified and transactions are logged by the secure email platform.

The following two tabs change content below.

Teri Erickson

Business Development Coordinator at AnswerFirst
I hope you found this article helpful, if you have any questions you can contact me on my direct line at AnswerFirst: 813-636-3975. If I don’t provide our potential clients with top-notch customer service from day 1, then why should they trust my company to provide their clients with the same?