Our HIPAA Compliance Commitment
Many Healthcare professionals and medical facilities have no idea they are at risk for HIPAA non-compliance penalties and fines. The majority of violations occur from transmitting patient information via non-secure mobile devices and/or email. If an entity is using an Alpha Pager or is sending non-secure SMS text messages, they ARE in violation of HIPAA and at significant legal and financial risk.
“Because a small private practice did not ensure that their patient health information was secure, they were fined when an employee posted their information on a public virtual calendar through non-secure emails. The result was public access to private patient information and a $100,000 fine.”
The Health Insurance Portability and Accountability Act (HIPAA) has far-reaching implications for the answering service and call center industry. Here at Direct Line, our call agents and staff are HIPAA certified in accordance with our industry association, The Association of Tele Services International which ensures HIPAA compliance.
We understand the impact of HIPAA and how to securely manage private health information (PHI). Our staff annually participates in a comprehensive HIPAA agent training and certification program that is documented and actively managed by Direct Line.
The Business Associate Agreement
A Business Associate is an individual or entity, other than a member of a covered entity’s workforce. They perform functions or activities on behalf of a covered entity that involves access to PHI. Answering services and call centers fall into this category. HIPAA rules generally require that covered entities and business associates enter into a contract to ensure that the business associate will appropriately safeguard PHI.
A written contract between a covered entity and a business associate is required and must include the following:
Establish the permitted and required uses and disclosures of protected health information by the business associate. The business associate will not use or further disclose PHI information other than as permitted or required by the contract or as required by law.
The business associate is required to implement appropriate safeguards to prevent unauthorized use or disclosure of the information, including implementing requirements of the HIPAA Security Rule with regard to electronic protected health information (E-PHI). The business associate is required to report to the covered entity any use or disclosure of the PHI information not provided for by its contract, including incidents that constitute breaches of unsecured protected health information. The business associate is required to disclose PHI as specified in its contract to satisfy a covered entity’s obligation.
A business associate is to carry out a covered entity’s obligation under the Privacy Rule.
The Health and Human Services department requires business associates to make available to HHS its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by the business associate on behalf of, the covered entity for purposes of HHS determining the covered entity’s compliance with the HIPAA Privacy Rule.
At the termination of the business associate agreement, if feasible, the business associate should return or destroy all protected health information received from, or created or received by the business associate on behalf of, the covered entity.
The business associate must ensure that any subcontractors it may engage on its behalf who have access to PHI agree to the same restrictions and conditions that apply to the business associate.
The Direct Line Difference
Direct Line Tele Response continues to be a recognized leader within the answering service and call center industry with our proprietary secure medical answering service. As your trusted Business Associate, Direct Line is fully compliant with HIPAA which governs the privacy of individually identifiable health information.
Direct Line assists with reducing your risk with our affordable Secure Interactive Messaging service.
- Secure web access to view messages
- Proprietary Secure Interactive Messaging service
- Integration with other secure messaging applications
- Transport Layered Secure (TLS) Email
- Professional, HIPAA-certified Call Agents
For more information about our HIPAA Compliant Answering Services or our Business Associate Agreement, contact us today! 888-365-2424.