Failing to meet HIPAA requirements can be a costly mistake. Even for vigilant companies that have already deployed a solution for call recording, there is still a learning curve for how HIPAA impacts Electronic Protected Health Information (ePHI).
Since call recording is often used in healthcare to improve patient services, document treatment, and to limit legal liability, it is important to select a solution that can protect the organization, as well as enhance operations.
A common issue that many encounter is how HIPAA defines the different states of ePHI. Particularly, in a recently published rule update, HIPAA states:
“Because paper-to-paper faxes, person-to-person telephone calls, video teleconferencing, or messages left on voice-mail were not in electronic form before the transmission, those activities are not covered by this rule. If, however, the provider records the sessions and saves a copy, the saved version would be subject to Security rule provisions for data at rest.”
What this means is that any healthcare facility needs to use a call recording solution designed from the ground-up with security in mind. There isn’t any flexibility when it comes to HIPAA compliance, so a scalable and flexible solution is needed.
The HIPAA Security Rule is divided into three main categories, providing safeguards for administrative, physical, and technical aspects. These safeguards protect administrative responsibilities, keep data from threats or intrusions, and automate control.
Specifically for administrative safeguards, call recording needs to address workforce security. With a sophisticated access control mechanism, users can restrict access to ePHI to ensure privacy. Information is based on authorization levels, and comes with established contingency and backup protocols.
For physical safeguards, users need to limit the physical access to where the ePHI is housed. This requires a call recording solution that supports virtualization under both VMware and Hyper-V, while easily fitting into existing physical information systems.
Beyond that, technical safeguards provide access and audit control, authentication, and transmission security. A proper call recording solution needs to have a comprehensive audit mechanism to track all key events, including log in and out, recordings selected for playback or deletion, and password changes.
Be aware that these elements are crucial to maintaining HIPAA compliance. Not all call recording solutions are the same, so do your homework and find a vendor that can offer a comprehensive call recording solution, but is also HIPAA compliant.