How Call Recording Helps Ensure HIPAA Compliance

Call Recording Featured Article

How Call Recording Helps Ensure HIPAA Compliance

November 15, 2016

Marketing in the healthcare environment is a challenging endeavor. Not only are patients protected by the Health Insurance Portability and Accountability Act (HIPAA), the Medicare Improvements for Patients and Providers Act (MIPPA) is also in place. Protecting privacy is important, but in an environment where call recording is important, how do you blend standard businesses practices with compliance?

A recent Telecom Reseller post offers some insight, stressing that both acts were established in an effort to prevent the abuse of marketing activities related to healthcare phone communications. Call recording falls under HIPAA, as any organization providing this capability to a healthcare provider is then involved in the management or dissemination of healthcare information. MIPPA introduced new restrictions on how agents can market Medicare-related products. It also targets areas like unsolicited calls and robocalls that have been a source of abusive sales activities in the past.

While these regulations can make healthcare providers uneasy about the activities related to call recording, the activity can actually serve as a compliance best practice, reducing the risk of violations by being able to demonstrate compliance during conversations. Recording staff and patient conversations is encouraged to demonstrate consistent practices that are in line with HIPAA and MIPPA. The ability to quickly access critical call records is also essential.

The penalties for failure to comply are significant and can include both civil and criminal. Civil violations are enforced by the Department of Health and Human Services through the Office of Civil Rights. Criminal violations are enforced through the Department of Justice. Each violation can generate up to $100 in civil penalties, with a maximum limit of $25,000 per year. Criminal penalties can be much more severe, carrying fines from $50,000 to $250,000 and imprisonment of one to 10 years.

To avoid the necessity for any of these penalties, any organization involved in the healthcare industry needs to adopt specific rules and policies via best practices. This includes insisting that all interactions are recorded and monitored frequently to ensure compliance. This call recording is important and the supporting software for management must be robust. The platform must include the ability to automatically mask or encrypt protected information from those lacking the proper authority to view it.

Another important configuration within call recording is to implement strict controls over the customer database as a whole, ensuring that unauthorized employees do not have access to information about current situations or specific individuals. Such restrictions must be clearly outlined in the policy and procedures must demonstrate adherence to the policy. In all, call recording is an important tool to ensure and demonstrate proper compliance.

Edited by Alicia Young

Article comments powered by Disqus