
After four years of anticipation, 45 CFR Parts 160 and 164, or HIPAA’s Omnibus Rule as it is more commonly known, went into effect on March 26, 2013, with corporate compliance required by September 23, 2013. Omnibus puts into law many things left unclear in previous HIPAA-related rulings, including requiring business associates of covered entities to be compliant with HIPAA Privacy and Security rules and adopting HITECH Act additions to the Enforcement Rule not adopted in the October 30, 2009 interim Final Rule.

As a business associate for our clients’ programs, Telerx engages our clients’ customers in Business Associate Agreements (BAA) to comply with Omnibus, HIPAA, etc…

Both covered entities and business associates may be held liable for breaches of Protected Health Information (PHI), with civil penalties of up to $1.5 million and penalties that can be extended down to the individual who caused the breach. Criminal penalties can range as high as $250,000 and up to ten years in prison. Because of the scope and reputational damage associated with these penalties, incidents can cripple a covered entity or business associate.

At Telerx, we take pride in our ability to keep PHI safe and protected. Here are some best practices we use to maintain our corporate culture of information safety:


Role-Based Access

Unless your team is seated in an area where only they have access, your team is at risk. Visitors may be able to overhear PHI being communicated through the phone, see it on the screens of your agents, or compromise any applications and forms customers may have submitted.

One way to mitigate this risk is to restrict your team’s workspace to an area to which only they have access, preferably with a role- and access-based FOB which allows only authorized personnel to enter. Also consider temporary walls where appropriate until construction is completed.

Paperless, Clean Desk Policy

The risks of writing down information are immense:

By establishing best practices for documenting, including establishing a paperless, clean desk policy, your team can mitigate the risk of paper record breaches. At Telerx, whether our interactions come from healthcare professionals or patients, they are documented in CRMs, which are designed to allow for a paperless workplace.

Locking Up and Archiving Paper Records

However, not all paper can be eliminated – some of the programs we manage for clients involve receiving paper applications and forms. Because of this, we have implemented simple ways to reduce risk of breach.

Have your agents do the following to mitigate risk:

Taking these steps can keep the records out of malicious hands.

Minimizing Screens, Logging Out, and Locking Workstations

Even the most secure team has visitors, whether it is someone else from the company or the client themselves. To prevent potential breaches, here are some tips to handle this situation:

There are many ways to reduce the risk of breaching PHI, but implementing these simple suggestions could make your team safer and more compliant.
