HIPAA Applies to Your Outsourcing Call Center, Too
As I mentioned in “ Five Things to Check Before Outsourcing Your Healthcare Calls,” it is critical to hire a call center that complies with HIPAA, the Health Insurance Portability and Accountability Act. Don’t assume every outsource healthcare call center is HIPAA compliant. Though they should be, not all are. You know that HIPAA compliance is essential, and they should, too. But some call centers don’t care, while others don’t treat compliance seriously enough. You are the covered entity (CE) and they are your business associate (BA), which means you are both responsible for keeping protected health information (PHI) secure. Therefore you must both fully comply with all relevant HIPAA regulations. Some healthcare organizations (as the covered entity) may assume that as long as they are compliant in their practices, that’s all that matters. But as the CE, you are ultimately responsible for what your outsourced call center (your business associate) does. If they expose PHI, both you and they are subject to civil and criminal penalties, not to mention the hit to your reputation – even if it’s your call center’s fault. Conversely some outsource call centers wrongly assume that they fall under the umbrella of their clients’ HIPAA compliance efforts. Again, this is just plain faulty reasoning. They may presume that if you are compliant and they work for you, that somehow they are magically covered. This is simply not true. If they mishandle PHI, they are at risk of civil and criminal penalties and so are you. Part of your due-diligence in contracting with an outsource call center is to confirm their practices are in fact HIPAA compliant. Go onsite to verify this or hire a knowledgeable professional to do this for you. Then get it in writing. Next include a relevant clause confirming this in your contract with them. Though they can’t indemnify you if they mess up, having contractual language affirming their compliance should help you in recouping monetary damages should they falter. However, the real advantage of including a HIPAA compliant statement in your agreement with them is that it reminds them in a tangible sense of their legal obligation to keep PHI secure at all times: in transmission, in storage, and in disposing of it. This will not be a problem for any viable healthcare call center. And if HIPAA compliance catches them off guard, then they have just confirmed they aren’t fully prepared to handle your calls and caller data as required by law and as expected by best practices. Ensure HIPAA compliance in your outsourcing call center before they take your first call, and you will avoid unpleasant and costly surprises later on. Janet Livingston is the president of Call Center Sales Pro, a premier sales and marketing service provider for the call center and telephone answering service industry – and who provides a healthcare call center matchmaking service. Contact Janet at firstname.lastname@example.org or call 800-901-7706. Peter Lyle DeHaan is a freelance writer from Southwest Michigan.