HIPAA Initiatives Aim To Empower Patients In Accessing Health Records

Twenty-three years after HIPAA’s enactment into law, the U.S Department of Health and Human Services’ Office for Civil Rights (HSS-OCR) implements stricter enforcement of patients’ rights to access their information.

During the 11th annual HIPAA conference, OCR Director Roger Severino emphasized that “it’s time for serious enforcement, especially when we are moving to a full mobile data cloud age.”

In the latest statistics report, mobile devices (excluding tablets) accounted for 48.17% of global website traffic.

Because of this shift, a healthcare provider that develops its applications must be extra careful in following HIPAA guidelines and safeguarding protected health information.

Severino revealed that based on the “final determination” of the OCR, a HIPAA case will amount to $2.1 million civil monetary penalties. Other than this, he did not disclose further details about the nature of the case.

Patients should be able to access their health information through the apps they are using unless it poses a security threat to the covered entity.

This initiative can improve healthcare cost transparency. Additionally, it empowers patients in acquiring pricing information before they receive healthcare.

Meanwhile, Severino said that the primary cyber threats in the healthcare sector are ransomware and phishing attacks. He also elaborated that the key factors contributing to some of the largest health data breaches being reported to OCR are the following:

• Remote desktop vulnerabilities
• Weak single-factor authentication
• Weak access controls (e.g., failure to terminate access rights when workforce members end their employment)

HIPAA In Healthcare BPO

The HIPAA Security Rule applies to “health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”) and their business associates.”

And the healthcare BPO industry is no exception.

To mitigate risks and prevent cyberattacks, any BPO companies that offer healthcare services (call center and back-office) that involve sensitive patient information should comply with HIPAA.

The Philippine Healthcare BPO Industry

Many Philippine healthcare BPO companies, in particular, have secured their HIPAA certification to cater to various healthcare and medical institutions. The commonly outsourced services in the country include telehealth services, medical coding, transcription, billing, and answering services.

The country is also the home of thousands of talented and skillful medical practitioners who are trying their luck in landing a job that is related to their profession. As a result, many end up working with healthcare BPO companies instead of finding work abroad.

It is also true that many Filipino freelancers offer healthcare services. However, freelancers can’t get HIPAA, you need a trusted BPO to do the job for you.

Magellan Solutions, a Philippine-based call center company, is HIPAA-certified. The strict implementation of its guidelines and regular quality assurance checks assure clients of data confidentiality and protection while providing quality healthcare.

Sources:

OCR’s Severino Outlines Top HIPAA Enforcement Initiatives

Statista’s Global mobile data traffic forecast