IVR Payment Technology Helps Medical Practices with HIPAA Security Requirements

According to a recent article, in a poll taken of 150 healthcare professionals responsible for HIPAA compliance at orga­nizations with fewer than 500 employees it was discovered that:

  • 51% don’t test employees on HIPAA-related training;
  • 50% of respondents don’t know if their organizations use multi-factor authentication;
  • 41% don’t know how often their firewall rules are reviewed;
  • 27% don’t encrypt emails containing patient data; and
  • 26% don’t use mobile encryption.

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. Passed in the U.S. in 1996 it provides data privacy and security provisions for keeping medical information safe. As technology has advanced, HIPAA and the issues surrounding it have assumed a heightened prominence due to an increase in cyberattacks and ransomware attacks aimed specifically at healthcare providers and insurers.

From a security standpoint HIPAA’s provides organizations with provisions and guidelines in order to keep patients information secure.

The HIPAA Privacy Rule applies to any organization that is deemed to be a HIPAA-covered entity, which includes health plans, healthcare clearing houses and healthcare providers. This extends to providers delivering services to these organizations as well.

Violations can be very costly leading to steep fines running as high as $1.5 million per incident. Yet, as the figures cited above indicate, many of those individuals responsible for HIPAA compliance at smaller healthcare organizations seem to be falling short in their mandates to protect patient information and their organizations’ interests in this regard.

What does this mean for smaller healthcare providers who may feel that they don’t have the staff or the resources to deal effectively with these requirements?

Healthcare providers are continuously collecting, managing and transmitting patient information. Choosing to implement technology solutions that are already HIPAA compliant to perform these functions can be a good starting point. Working with their vendors to ensure that they are HIPAA compliant is another important step. Ensuring that all employees are well informed and well educated on the HIPAA requirements and implications will provide the foundation to achieve compliance. The US Department of Health and Human Services provides a comprehensive guide to facilitate the process of adhering with HIPAA requirements.

HIPAA And Patients Payments

While all patient information is covered by HIPAA there are additional requirements that govern patient payments, which add more complexity to the guidelines, regulations that healthcare providers must follow as well as the costs that they must incur in order to keep patient information safe. PCI (Payment Card Industry) Compliance, is a security standard that was developed by major credit card brands to assist service providers and merchants better protect the credit card data as it’s transmitted and stored by them. All organizations that accept credit card payments – including healthcare providers – are required to comply with PCI and all healthcare providers must comply with HIPAA.

PCI and HIPAA Compliance

When it comes to complying with PCI and HIPAA requirements, there is a lot of overlap. Because of the strict PCI security guidelines, practices that follow certain PCI Compliance requirements (such as the encryption of data) would by extension be complying with the encryption requirements within HIPAA as well. The current version of the PCI Data Security Standard has twelve core requirements. Those that are very similar to the HIPAA compliance rules include those that cover the need for strong, unique passwords (§164.308 of HIPAA), protection of stored cardholder data, malware protection and regularly updating antivirus protections (§164.304 of the HIPAA Security Rule), restricting access to cardholder data by business need to know and tracking and monitoring all access to network resources and cardholder data.

How Can IVR Technology Can Help With PCI and HIPAA

Interactive Voice Response (IVR) is an automated technology that helps the secure exchange of patient information that takes place over the telephone. In the case of payments where both HIPAA and PCI compliance are relevant, using IVR (as opposed to interacting with a live person and handing over private information through unsecured channels) can enable patients to securely make medical bill payments over the telephone. IVR technology is multi-faceted and helps you to get and stay on board with HIPAA and PCI compliance. By removing the live staff member from the collection of credit card information healthcare providers ensuring that all information is collected and transmitted to the intended destination through an encrypted and secure channel, which is one of the major requirements of both HIPAA and PCI.

Reducing the Costs of Being HIPAA and PCI Compliant

Employing IVR Payment technology can significantly lower the cost and complexity of achieving your HIPAA and PCI compliance goals. Keeping sensitive confidential information out of the hands of live staff and transmitted through encrypted channels results in improved security thereby reducing the chances of security breaches and the financial losses and harm to your practice’s reputation that can result.

With IVR Payment technology bill payments can be accepted 24/7 on a secured platform that can be tailored to the needs of medical practices regardless of size or type. Patients can interact with the practice using the channel of their choice and pay their bills when it is most convenient for them without having to disclose their credit card information to a live agent, while the practices benefits in that they can feel confident that all information is being transmitted through secure channels.

In addition to helping you cope with security HIPAA and PCI security requirements, IVR Payment technology saves money.

Studies have shown that the use of IVR Payment technology helps to speed up the payment process, so you not only get paid faster you spend less time answering payment calls and returning messages from all those patients who want to pay when you are busy or not available. Staff can be deployed more productively to deal with other important tasks as well as assisting patients who call in because they need help such matters as booking/re-scheduling appointments, inquiring after test results and so on.

With IVR Payment technology you can become more secure, shift manual tasks to automation, reduce your costs of security compliance, reduce your operational costs and keep up with the ever-changing HIPAA and PCI compliance requirements. Find out how easy it is to get started with IVR Payments for Medical Practices.

We’re Here to Help

What our clients are saying about us

“Never any issues with you guys! Things just work.”

Gerry Henstra, CEO, Henstra Business Solutions

“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”

Jeff Boatman, Global Client Solutions

“We’re happy with the IVR Payment system and it has been working well for us. Recently we also setup your newest SMS (text) receipts and found it to work great.”

IT Manager

“I want to command you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”

Joe Grossman, Sr. Vice President, 121 Direct Response

“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”

Ryan McCullough, Marketing Manager, Aegon Direct

“Great team to work with. I look forward to utilizing some additional capabilities in the future.”

Bob Griffin, VP of Operations, MedA/Rx

“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”

Director of Student Accounts

“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”

Anne Pennell, VP, Customer Services Operations, Standard Life

“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”

Kim Pace, Director Patient Accounts and Revenue, Chatham-Kent Health Alliance