Please fill out this form to get the VPI EMPOWER™ Workforce Optimization Overview fact sheet
You’ll also get access to dozens of other valuable white papers, research reports, Webcasts and more in the VPI Resource Center.
The Health Insurance Portability and Accountability Act (HIPAA) requires organizations to comply with minimum security and privacy standards for health data. This aims to improve the efficiency and effectiveness of the nation's healthcare system by encouraging the widespread use of electronic data interchange in healthcare. HIPAA compliance is a requirement placed on the health care organization to protect privacy matters of those who deal with the organization. HIPAA does not prescribe a “certification process” for the tools used by an organization but rather mandates that the organization implement and practice certain privacy protection.
VPI CAPTURE™ can assist health care organizations to meet their HIPAA requirements by protecting private health information. VPI CAPTURE gives organizations the ability to continue to record all calls (audio and screen if desired) while providing management of security at a user-level, with limitation of access to private, sensitive data. VPI CAPTURE's roles-based security, enhanced by end-to-end data and AES 256 file encryption, file watermarking and detailed audit trail reporting, enables organizations to effectively implement and monitor their privacy rules, policies and procedures that are required under HIPAA. VPI CAPTURE's secure, Web-based access to the recorded files and data, from anywhere together with powerful search and reporting capabilities make VPI CAPTURE the leading solution for regulatory compliance requirements.
To further secure sensitive information, VPI uses built-in end-to-end data encryption and key management to secure the SQL database that holds attributes of all recordings. The media manager provides for AES 128, 192, 256 or variable bit encryption/decryption when files are stored and accessed from the media manager.
Every call within the VPI application is wartermarked in real time to ensure authenticity. VPI offers a powerful application to validate the authenticity of any WAV file.
To further ensure maximum security and compliance with HIPAA and other regulations, VPI’s audit trail log records all user activity within the system so that organizations can conduct full trace audits to determine who accessed any recording in the system and when - for playback, export, or any other critical events.
HIPPA was enacted in 1996 to promote the continuity and portability of heath insurance, fight fraud and abuse, establish medical savings accounts, and other purposes. The law distinguishes between “covered entities” and “business associates.”
CEs are basically any person, business, or government entity that furnishes, bills, or receives payment for health care in the normal course of business. Examples include physicians, hospitals, pharmacies, heath care clearinghouses and health insurers.
A business associate is a person or organization that performs a function on behalf of a covered entity. Examples include software vendors, third party billing companies, claims processors, collections agencies, and outsourced contact centers. BAs must also agree to the privacy and data security requirements of HIPAA.
A business associate could be a contact center outsourcer that handles calls for a covered entity or a collection agency working on their behalf.
The Privacy Rule is a key provision of HIPPA that most directly effects collection agencies and contact centers. Among other things, the Privacy Rule requires:
|Notifying patients about their privacy rights and how their information can be used.|
|Adopting and implementing privacy procedures.|
|Training employees so that they understand the privacy procedures.|
|Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them and are not authorized to view them.|
The privacy rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, whether electronic, paper, or oral. The Privacy Rule calls this “protected health information (PHI).” This is a very broad definition that encompasses just about any information that relates health information to specific individuals. Examples include common identifiers like name, address, birth data and social security number. There are a number of exceptions where release of PHI is permissible and two instances when PHI must be disclosed. A covered entity may secure the patient’s written authorization to release PHI. A central tenant of the Privacy Rule is the principle of “minimum necessary” use and disclosure of PHI.
The fundamental implication for covered entities and their business associates is that PHI must be protected.