What are the rules for HIPAA Compliant Telemedicine?

HIPAA compliance rules for telemedicine-which includes any medical professional or healthcare organization that provides a remote service to patients in their homes or in community centres-also apply to call centres. It affects every company providing an answering service or call-forwarding service for the healthcare industry.

In 2013, the Final Omnibus Rule updated the Health Insurance Portability and Accountability Act (HIPAA) to make it clear that all service providers processing, storing or transmitting ePHI directly or on behalf of a healthcare organization are subject to the same Privacy and Security Rules as the healthcare organization itself.

In practice, healthcare organizations will avoid engaging the services of a call centre unless it can be independently verified the call centre is communicating ePHI in compliance with HIPAA. There have been major advances in recent years in creating apps or software which allows for HIPAA compliant texting. Therefore, adhering to HIPAA in call centres should not be difficult or expensive for the companies working with CEs. Furthermore, it has been demonstrated that HIPAA compliance for call centres allows for more efficient communication by streamlining workflows and enhancing the level of service provided to patients.

Secure Texting Solutions

The HIPAA Security rule created most of the changes relevant to HIPAA compliance for call centres. The Security Rule holds information such as who should have access to ePHI, how the integrity of ePHI should be maintained while patient data is being transmitted, and what controls should be put in place to prevent an accidental or malicious breach of ePHI.

Many healthcare organizations have implemented secure texting solutions to comply with the requirements of the Security Rule. These provide alternatives to unsecure forms of communication such as SMS, email, and Skype, which do not ensure the integrity of ePHI. These solutions are equally appropriate to ensure HIPAA compliant texting and communications in call centres.

By implementing their own secure texting solutions, call centres will be communicating ePHI in compliance with HIPAA with the necessary safeguards in place to control who has access to ePHI, ensure the end-to-end integrity of ePHI and to prevent any breaches of ePHI – either accidental or malicious.

How HIPAA Compliance for Call Centres Works

Secure texting solutions ensure HIPAA compliance for call centres by only allowing authorized users to access the call centre’s private communications network. Access to the network is gained via secure messaging apps only with an admin-issued username and PIN code. Administrators have ultimate control over who is authorised to view ePHI, and therefore can block unauthorised access attempts by other individuals.

Once into the network, authorized users can then communicate with other authorized users, share documents, files and images as attachments, and engage in secure group discussions. This allows for the users to benefit from collaboration while also maintaining the security of the healthcare information.

Safeguards are in place to prevent ePHI being transmitted outside of the call centre’s network, copied and pasted or saved to an external hard drive. All activity on the network is monitored by a cloud-based secure messaging network and, if a potential breach of ePHI is discovered, any communication can be remotely retracted and deleted. None of this is possible using unsecure but common messaging channels such as SMS or email.

All communications are encrypted to NIST standards so that they are unreadable, undecipherable and unusable if they are intercepted on a public Wi-Fi network. If an authorized user loses their mobile device or have it stolen, administrators can remotely PIN lock the device to prevent unauthorized access to ePHI.

Other safeguards to ensure HIPAA compliance for call centres includes “message lifespans”. This feature removes messages containing ePHI from an authorized user´s computer or mobile device after a pre-determined period.  Developers have also created “app time outs”, a safety feature that logs users out of the network after a period of inactivity to prevent unauthorized access to ePHI when a desktop computer or mobile device is left unattended. Both measures protect the integrity of ePHI with very little effort on the user’s part.

The Advantages of Communicating ePHI in Compliance with HIPAA

There are multiple advantages of HIPAA compliance for call centre communicating ePHI in compliance with HIPAA and for the healthcare organization it is working with.

Secure messaging solutions are widely seen to have many advantages. One of the primary benefits they offer is the massive increase in workplace efficiency. Medical professionals in the community can send and receive ePHI on-the-go using secure messaging, instead of having to wait to be at a desktop to log into a secure network. Images can be attached to secure messages, which can then be shared to accelerate diagnoses and the administration of treatment. Secure messaging also offers the potential to accelerate emergency admissions and patient discharges. Many healthcare institutes often struggle with patient waiting times, but increasing the efficiency in which patients are discharged offers the potential to reducing wait times and streamlining the administrative process.

Secure message apps also automatically produced delivery notifications and read receipts reduce phone tag and increase message accountability. Information access reports make risk management analyses much simpler while, when integrated with an EHR, secure messaging also enables healthcare organizations to meet the requirements for patient electronic access under Stage 2 of the Meaningful Use incentive program.

The call centre serving the El Rio Community Health Centres in the Tucson area of Arizona implemented a HIPAA-compliant texting solution in their seventeen locations to address issues it was having with efficient call support, patient follow-up and message accountability.

Because of HIPAA compliant texting in call centres, response times improved so that 95 percent of concerns were answered in sixty seconds or less, the concerns were evaluated and resolved more efficiently to provide a higher level of service to patients, and message accountability increased by 22 percent.

By being able to monitor communication metrics, administrators at the Community Health Centres could create a streamlined workflow that ensured proper patient follow-up and risk management. According to the organization´s CIO, communicating ePHI in compliance with HIPAA eliminated lost message errors which translated into increased patient satisfaction.


As previously mentioned, healthcare organizations will avoid engaging the services of a call centre unless it can be independently verified the call centre is communicating ePHI in compliance with HIPAA. In addition to increased business opportunities, there are other motivations for call centres to become HIPAA compliant.

HIPAA compliant texting in call centres can lead to the healthcare organizations served by the call centre streamlining workflows and enhancing the level of service provided to patients. If a healthcare organization benefits from the service it receives from the call centre, the call centres reputation will spread and new opportunities may arise.

Secure messaging systems serve as an inexpensive and facile solution to any difficulties that the call centre may have with handling ePHI. As secure messaging apps have a text-like interface that authorized users will already be familiar with and that will require no special training before they can use. Furthermore, as HIPAA compliance for call centres is provided via a cloud-based “Software-as-a-Service” platform, there is no need to invest in expensive new servers, additional hardware or complicated software programs. Many companies have seen the advantages of using such systems, and the use of secure messaging solutions is on the rise.