As healthcare practices continue to struggle to find qualified staff, one option to consider is a virtual assistant. It may sound complicated, but it’s an expansion of services that has been around for quite a while.
We will explore two questions: is it possible to have a HIPAA compliant virtual assistant, and is it right for you?
What is a HIPAA Compliant Virtual Assistant?
According to the employment website Indeed, a virtual assistant simply completes administrative tasks from a remote location. Medical professionals may be familiar with answering services for after-hours or on-call situations.
Virtual assistants do much more than simply relay messages. Healthcare providers can use a virtual assistant to supplement or replace many traditional in-office tasks a receptionist performs, like scheduling and confirming appointments. But they can also do more, including:
- Providing appointment reminders
- Following up with patients
- Gathering insurance information
- Updating patient files and other data entry duties
- Ordering needed supplies
- Doing any other duties as required, including accounting and payroll
Virtual assistants can be independent contractors, but most are employed by staffing agencies or business service agencies responsible for providing their benefits. They work remotely, so you don’t need additional desks, equipment, or office space to accommodate them, and some supply their own computers and communications equipment.
Some agencies even offer the ability to scale staffing to match demand so that no phone goes unanswered. It may sound like the perfect answer, but how does this fit with HIPAA rules and regulations?
Are Virtual Assistants HIPAA Compliant?
Before judging whether virtual assistants are HIPAA compliant, we must look at HIPAA compliance itself. The cornerstone upon which the entire law is built is each patient’s protected health information (PHI).
The HIPAA Privacy Rule establishes standards for controlling access to PHI, including patients’ right of access to their medical records, through effective policies and procedures. The HIPAA Security Rule addresses how PHI should be protected through administrative, physical, and technical safeguards. It also requires regular security risk analysis of existing measures.
The Breach Notification Rule requires specific actions to be taken when PHI is exposed in a manner that violates the Privacy and Security Rules. Vendors who interact with PHI must sign Business Associate Agreements (BAAs) and be fully HIPAA compliant.
Virtual assistants who have access to PHI must follow all of the provisions of HIPAA just as onsite employees would, including completing annual training. If they do so, and if a BAA was signed before PHI was transferred, using them would not violate HIPAA. Some business service agencies offer virtual assistant services that appear to be fully HIPAA compliant.
Are HIPAA Compliant Virtual Assistants Right for You?
There is much to consider before you jump on the virtual assistant bandwagon. Here are a couple of things to think about:
Am I comfortable giving access to my systems to a virtual assistant? While all virtual assistants should be vetted by their agencies, ultimately, it’s the PHI of your patients that you are entrusting to them. You’ll need to set them up with the same access to your systems as an in-office employee.
What happens if there is a breach? Even if a doctor, dentist, or other medical professional is the only in-office employee, the practice would still need to be HIPAA compliant. That means you still need annual risk assessments, training, policies, procedures, and everything else HIPAA requires. Your policies would need to address the fact that you are using virtual assistants, and the BAA would need to address breach notification and liability issues.
If you currently use virtual assistants or are thinking about doing so, Compliancy Group would be happy to discuss how to do so in a way that keeps you compliant with the law and helps your business function smoothly.