Are Virtual Assistants HIPAA Compliant?
Before judging whether virtual assistants are HIPAA compliant, we must look at HIPAA compliance itself. The cornerstone upon which the entire law is built is each patient’s protected health information (PHI).
The HIPAA Privacy Rule establishes standards for controlling access to PHI, including patients’ right of access to their medical records, through effective policies and procedures. The HIPAA Security Rule addresses how PHI should be protected through administrative, physical, and technical safeguards. It also requires regular security risk analysis of existing measures.
The Breach Notification Rule requires specific actions to be taken when PHI is exposed in a manner that violates the Privacy and Security Rules. Vendors who interact with PHI must sign Business Associate Agreements (BAAs) and be fully HIPAA compliant.
Virtual assistants who have access to PHI must follow all of the provisions of HIPAA just as onsite employees would, including completing training annually. If they do so, and if a BAA was signed before PHI was transferred, using them would not violate HIPAA. Some business service agencies offer virtual assistant services that appear to be fully HIPAA compliant.
Are HIPAA Compliant Virtual Assistants Right for You?
There is much to consider before you jump on the virtual assistant bandwagon. Here are a couple of things to think about:
Am I comfortable giving access to my systems to a virtual assistant? While all virtual assistants should be vetted by their agencies, ultimately, it’s the PHI of your patients that you are entrusting to them. You’ll need to set them up with the same access to your systems as an in-office employee.
What happens if there is a breach? Even if a doctor, dentist, or other medical professional is the only in-office employee, the practice would still need to be HIPAA compliant. That means you still need annual risk assessments, training, policies, procedures, and everything else HIPAA requires. Your policies would need to address the fact that you are using virtual assistants, and the BAA would need to address breach notification and liability issues.
If you currently use virtual assistants or are thinking about doing so, Compliancy Group would be happy to discuss how to do so in a way that keeps you compliant with the law and helps your business function smoothly.