Business Associate Agreement required for answering service?

November 12, 2013

Question:

Dear Jennifer:

Do I need a business associate agreement with the answering service who handles our after hours calls? The most information given to them is patient name, DOB and symptoms and phone number to reach the parent. Also if the answering service notifies me of this msg by text do I need to encrypt the msg?

Thank you for all the wonderful information you send.

Regards,
M

Answer:

Yes and Yes.  The answering service utilized by the practice has protected health information - information that is individually identifiable to a patient and regardless of the fact that particulars of patient visits are not being shared with the answering service - the fact a patient is a patient is protected, along with the patients contact information and name requiring protection.  The Practice is REQUIRED by law to have a Business Associate Agreement with any third party (not excepted from this requirement).  Also, any protected health information being sent electronically must be done pursuant to the requirements set forth in the Security Rule.  All information should be encrypted, when possible, and also password protected.  Need policies?  Visit our simple order page - www.healthcarepracticecompliance.com.