MedVoice’s HIPAA Compliance Program ensures our services meet all applicable HIPAA compliant laws and recognized standards of business conduct. Components of the program include:
Designated Compliance Personnel
MedVoice has designated key individuals to oversee HIPAA privacy, security, contractual developments, and compliance.
HIPAA Training
All MedVoice employees are required to participate in our HIPAA Training Program. This includes a rigorous twice-yearly test to make sure all employees remain well informed. An employee that does not achieve a perfect score is scheduled for further training and testing.
Maintaining Privacy and Security
MedVoice safeguards the privacy and security of health care data through strict administrative and technical standards.
At the technical level, MedVoice maintains a protected environment by utilizing measures such as user-specific database access privileges, internal and external user authentication, secure and encrypted electronic transmission of patient data, and active intrusion detection.
Administrative safeguards include the long-standing requirement that any MedVoice employee handling patient identifiable data sign a confidentiality and non-disclosure agreement related to such information and participate in twice-yearly HIPAA training. Keeping all PHI confidential has the highest priority at MedVoice.
WHAT THE US DEPARTMENT OF HEALTH & HUMAN SERVICES IS SAYING ABOUT HOW THE HIPAA PRIVACY RULES APPLY TO MEDVOICE SERVICES.
Q: May physician's offices or pharmacists leave messages for patients at their homes, either on an answering machine or with a family member, to remind them of appointments or to inform them that a prescription is ready? May providers continue to mail appointment or prescription refill reminders to patients' homes?
A: Yes. The HIPAA Privacy Rule permits health care providers to communicate with patients regarding their health care. This includes communicating with patients at their homes, whether through the mail or by phone or in some other manner. In addition, the Rule does not prohibit covered entities from leaving messages for patients on their answering machines. However, to reasonably safeguard the individual's privacy, covered entities should take care to limit the amount of information disclosed on the answering machine. For example, a covered entity might want to consider leaving only its name and number and other information necessary to confirm an appointment, or ask the individual to call back.
A covered entity also may leave a message with a family member or other person who answers the phone when the patient is not home. The Privacy Rule permits covered entities to disclose limited information to family members, friends, or other persons regarding an individual's care, even when the individual is not present. However, covered entities should use professional judgment to assure that such disclosures are in the best interest of the individual and limit the information disclosed. See 45 CFR 164.510(b)(3).In situations where a patient has requested that the covered entity communicate with him in a confidential manner, such as by alternative means or at an alternative location, the covered entity must accommodate that request, if reasonable. For example, the Department considers a request to receive mailings from the covered entity in a closed envelope rather than by postcard to be a reasonable request that should be accommodated. Similarly, a request to receive mail from the covered entity at a post office box rather than at home, or to receive calls at the office rather than at home are also considered to be reasonable requests, absent extenuating circumstances. See 45 CFR 164.522(b).
This information can be found in the US Department of Health & Human Services HIPAA Incidental Uses and Disclosures document dated December 3 , 2002.
