Quick Tips to Implement HIPAA in Your Call Center
October 5, 2016
Most people in the call center industry have a general idea of what HIPAA is, but they lack an understanding of how to apply it to their call center. Ignorance is not a sound defense for HIPAA violations. Follow these quick tips now to reduce penalties and pain later.
First a review. HIPAA stands for the Health Insurance Portability and Accountability Act. Passed by the US congress in 1996, the law is now over a decade old. As far as call centers are concerned, HIPAA, among other things, requires call centers to keep personal health information private, both when stored and when moved. There are fines, as well as public embarrassment, for database breaches and employee disclosures of private healthcare information.
Though this is not comprehensive legal advice, the following recommendations do address some basic, commonsense steps to move toward HIPAA compliance by covering key risk areas that are often overlooked.
Implement Internal Security: Safeguard your call center facility with building locks, surveillance cameras, door alarms, and a secured lobby. If employees use a separate entrance, don’t overlook it. Require them to be buzzed in or provide a keypad entry lock, with individual codes for each employee. Change lock codes periodically and retire individual codes as soon as an employee no longer works at your call center.
Have Restricted Areas: The primary space that should have limited access is the equipment area, which houses your call center’s computers, servers, and network technology, as well as the telecommunications switches and interfaces. There should be no externally accessible points to your telephone or internet service. Furthermore, remote access to this equipment and data should be password protected for authorized personnel only. Another area with limited access is the operations room, where only scheduled agents and relevant management should be allowed.
Escort Visitors: Any clients, prospective clients, vendors, and nonemployees need an escort through the facility. They must be supervised at all times. If they’re interested in viewing operations, they should do so by observing it from inside a soundproof, glassed viewing area.
Provide a Shred Bin: Any sensitive or potentially sensitive documents require shredding. Though immediate shredding is ideal, this is sometimes impractical, in which case locked shred bins should be conveniently placed around the call center. These are periodically emptied by authorized staff entrusted to shred the contents.
Enforce a Password Policy: Password misuse is the weakest link in most call centers. A thorough password policy must be developed, taught, followed, and enforced. At minimum the password policy should mandate regular password changes, not reusing previously used passwords, and never sharing passwords. Password policy violations remain a weak link in many call centers.
While HIPAA only covers the healthcare industry, these security tips are best practices for all call centers. Therefore every call center should move toward implementation.
Janet Livingston is the president of Call Center Sales Pro, a premier sales and marketing service provider and consultancy that provides custom training solutions for all levels of staff in the call center and telephone answering service industry. Contact Janet at firstname.lastname@example.org or 800-901-7706 to learn more about arranging specific training for your organization.
Peter DeHaan is a freelance writer from Southwest Michigan.
www.Fuzionme.com CCSP Fuzion data portal provides ultimate 1-stop management resource for healthcare call center supervisors and managers Call center ...
Answering Service Case Study: Insurance Agent Loses with Answering Machine
By Peter DeHaan As an independent insurance agent, Jack Kippling had been in the industry most of his career. To grow his clientele he would buy maili...
Answering Service Case Study: Restoration Service Saves the Day—and the House
By Peter DeHaan Michael and Susan Carbine had spent the last six months doing a meticulous remodel of their beloved home. Their kitchen was last, and ...
Answering Service Case Study: Security Solutions for Security Guards
By Peter DeHaan Gerard Hoover sighed. His new security guard monitoring system wasn’t working as well as he hoped. With his staff of guards scattere...
Answering Service Case Study: Attorney Seeks Maximum Impact for Minimal Cost
By Peter DeHaan Dustin Murphy was stepping into his future, with law school behind him and his new practice before him. He needed to make the most of ...
Answering Service Case Study: The Dental Difference
By Peter DeHaan Terry Tyler loved caramel. But as he chomped on the sweet goodness of his mouthwatering treat, something bad happened, something reall...
Answering Service Case Study: Restoration Service Shines While Insurance Agent Falters
By Peter DeHaan With rain pouring down, Jerry Tresman and his wife, Mindy, looked in horror at the water rushing into the basement crock that held the...
Answering Service Case Study: Cleaning Up With Advertising
By Peter DeHaan Jerry Pelzer started Commercial Cleaning and Restoration Services as a one-man company, so he was seldom in the office when the phone ...