Twenty-three years after HIPAA’s enactment into law, the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS-OCR) is implementing stricter enforcement of patients’ rights to access their information.
During the 11th annual HIPAA conference, OCR Director Roger Severino emphasized that “it’s time for serious enforcement, especially when we are moving to a full mobile data cloud age.”
In the latest statistics report, mobile devices (excluding tablets) accounted for 48.17% of global website traffic.
Because of this shift, a healthcare provider that develops its own applications must be extra careful in following HIPAA guidelines and safeguarding protected health information.
Severino revealed that, based on the “final determination” of the OCR, a HIPAA case will result in $2.1 million in civil monetary penalties. Other than this, he did not disclose further details about the nature of the case.
Patients should be able to access their health information through the apps they are using unless it poses a security threat to the covered entity.
This initiative can improve healthcare cost transparency. Additionally, it empowers patients to acquire pricing information before they receive healthcare.
Meanwhile, Severino said that the primary cyber threats in the healthcare sector are ransomware and phishing attacks. He also elaborated that the key factors contributing to some of the largest health data breaches being reported to OCR are the following:
The HIPAA Security Rule applies to “health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and their business associates.”
And the healthcare BPO industry is no exception.
To mitigate risks and prevent cyberattacks, any BPO company that offers healthcare services (call center and back-office) involving sensitive patient information should comply with HIPAA.
Many Philippine healthcare BPO companies, in particular, have secured their HIPAA certification to cater to various healthcare and medical institutions. The commonly outsourced services in the country include telehealth services, medical coding, transcription, billing, and answering services.
The country is also home to thousands of talented and skillful medical practitioners who are trying their luck in landing a job that is related to their profession. As a result, many end up working with healthcare BPO companies instead of finding work abroad.
It is also true that many Filipino freelancers offer healthcare services. However, freelancers can’t get HIPAA certification, so you need a trusted BPO to do the job for you.
Magellan Solutions, a Philippine-based call center company, is HIPAA-certified. The strict implementation of its guidelines and regular quality assurance checks assure clients of data confidentiality and protection while providing quality healthcare.
Sources:
OCR’s Severino Outlines Top HIPAA Enforcement Initiatives
Statista’s Global mobile data traffic forecast