Twenty-three years after the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted into law, the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) implemented stricter enforcement of patients’ rights to access their information.
During the 11th annual HIPAA conference, OCR Director Roger Severino emphasized that “it’s time for serious enforcement, especially when we are moving to a full mobile data cloud age.”
In the latest statistics report, mobile devices (excluding tablets) accounted for 48.17% of global website traffic.
Because of this shift, a healthcare provider that develops its own applications must be extra careful to follow HIPAA guidelines and safeguard protected health information.
Severino revealed that based on the “final determination” of the OCR, a HIPAA case would amount to $2.1 million in civil monetary penalties. Other than this, he did not disclose further details about the nature of the case.
Patients should be able to access their health information through their apps unless it poses a security threat to the covered entity.
This initiative can improve healthcare cost transparency. Additionally, it empowers patients to acquire pricing information before they receive healthcare.
Meanwhile, Severino said that the primary cyber threats in the healthcare sector are ransomware and phishing attacks. He also elaborated that the key factors contributing to some of the most significant health data breaches being reported to OCR are the following:
- Remote desktop vulnerabilities
- Weak single-factor authentication
- Weak access controls (e.g., failure to terminate access rights when workforce members end their employment)
HIPAA In Healthcare BPO
The HIPAA Security Rule applies to “health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and their business associates.”
And the healthcare BPO industry is no exception.
To mitigate risks and prevent cyberattacks, any BPO company that offers healthcare services (call center and back-office) involving sensitive patient information should comply with HIPAA.
The Philippine Healthcare BPO Industry
Many Philippine healthcare BPO companies have secured their HIPAA certification to cater to various healthcare and medical institutions. The commonly outsourced services in the country are telehealth services.
The country is also home to thousands of talented and skilled medical practitioners who are trying their luck to land a job related to their profession. As a result, many end up working with healthcare BPO companies instead of finding work abroad.
It is also true that many Filipino freelancers offer healthcare services. However, freelancers can’t get HIPAA certification; you need a trusted BPO to do the job.
Magellan Solutions is the leading SME-focused BPO among all outsourcing companies in the Philippines.
With over 18 years of industry experience, we offer high-quality customer support and call center services. On top of that, we are a certified ISO 27001:2013 and HIPAA-compliant company.