The short answer is, yes.
HIPAA applies to covered entities and business associates. According to the U.S. Department of Health & Human Services (HHS
), “the individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.”
If your business is any of the following, you must be HIPAA compliant:
A Health Care Provider
This includes providers such as:
- Nursing Homes
...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
A Health Plan
A Health Care Clearinghouse
- Health insurance companies
- Company health plans
- Government programs that pay for health care, such as Medicare, Medicaid, the military and veterans’ health care programs.
This includes entities that process nonstandard health information received from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
HHS states that, “If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.”
Specialty Answering Service is considered a business associate. We are HIPAA Compliant, PCI Compliant, and ISO 27001 Certified. If your place of business requires HIPAA compliance, then SAS will provide you with our business associate agreement to retain for your records.
To that end, when you work with our service, Protected Health Information (PHI) cannot be transmitted via any electronic means. If you have messages in your queue, SAS will text you an alert that there is a message waiting. You must log in to your secure web portal in order to retrieve it. Calls can also be patched directly through to you, avoiding text altogether. However, in the event we do not reach you, protected health information cannot be left on your voicemail. Also, accounts that require HIPAA compliance are not eligible to use the SAS voicemail service as each voicemail is sent as an email immediately after the caller leaves a message.
Please note that you cannot call in for your messages. They can only be retrieved via your secure web portal
. For instructions on how to navigate the portal, click here