June 2024 update: A June 20th federal court ruling held parts of the December 2022 Bulletin issued by the U.S. Department of Health & Human Services (“HHS”) about online tracking technologies invalid. HHS is now considering its next steps following the order. With the uncertainty surrounding this 18-month saga, healthcare providers can rely on CallRail to understand patient privacy risks and support HIPAA compliance. CallRail's Healthcare plans offer providers confidence in attracting new patients while ensuring that their patients' data is secure.
For healthcare providers, personal health information (PHI) security is more important than ever, and safeguarding it isn’t just a suggestion: it’s the law. Luckily, the U.S. Department of Health and Human Services (HHS) released new guidance in March 2024 that clarifies how healthcare providers can use online tracking technologies while staying compliant with HIPAA.
Up until now, it’s been difficult to determine when HIPAA applies: is it the first time a person visits the website, or after they’ve seen a provider? When does a Business Associate Agreement (BAA) need to be signed? And is the Office for Civil Rights really paying attention to tracking technologies?
The March 2024 update answered all of these questions and provided clear parameters for how providers can maintain HIPAA compliance and still work with outside technologies. Does call tracking seem too complicated, or even risky, when it comes to maintaining compliance? Maybe you’ve given up on all the valuable marketing intelligence that strategic tracking could provide for that reason.
Here are four myths about HIPAA and online tracking tools that the new guidance has busted, and how CallRail can get you back in the game.
Myth #1: HIPAA doesn’t apply to PHI from calls unless the caller is already a patient
It has long been assumed that HIPAA regulations only protect patient information, but the new guidance clarifies that the protection begins earlier. Even before their first appointment, it’s possible that a person’s information is protected if they electronically communicate personal health information such as their name or birthdate. This is the case regardless of whether they eventually become a patient.
What does that mean for providers? It means that any call tracking technology you use must support HIPAA compliance. CallRail offers a healthcare-specific plan that protects patient information from the moment you pick up the phone. Using redaction, advanced data encryption, secure access, and a host of other security measures, CallRail keeps patient information safe while giving you the insights you need into your best marketing channels.
Myth #2: Tech giants won’t sign BAAs, so neither will the rest of my tech stack
It’s easy to assume that if tech giants won’t sign a business associate agreement, neither will other technology vendors. But that’s not true. CallRail and other tech solutions are often willing to sign a BAA. That agreement legally obligates CallRail to comply with all applicable HIPAA controls in regard to our services.
The BAA is one of the pillars of CallRail’s Healthcare Plan. Our Healthcare Plan is built on the foundation of shared responsibility for HIPAA compliance and proportionate responsibility for securing patient PHI. This enables you to maximize patient privacy while still turning more leads into higher-value patients.
Myth #3: The recent guidelines are the last word on call tracking compliance
With technology becoming increasingly prominent in healthcare, HHS is actively prioritizing online tracking technologies. Since HHS has not previously issued guidance on this matter, this latest update signals a significant shift in its focus, and we can expect continued guidance in the future.
CallRail remains committed to responding to regulations and supporting HIPAA compliance efforts. We're attuned to these updates and are proactively adapting. Our Healthcare Plans are continually refined to enhance safety, efficacy, and compliance. As regulations evolve, so will our approach, ensuring that we remain in lockstep with regulatory requirements.
Myth #4: You can’t track calls and maintain HIPAA compliance
Absolutely untrue! The latest update makes it crystal clear that call tracking software can indeed be compliant. And the great news is, CallRail's Healthcare Plans are exclusively for healthcare providers and support HIPAA compliance. We've implemented numerous safeguards, such as comprehensive HIPAA training and certification for our staff and robust data security controls like redaction, advanced data encryption, and secure access, to name a few. CallRail has successfully completed third-party audits, maintained HIPAA attestation, and is more than willing to sign a Business Associate Agreement (BAA) while assuming our share of responsibility for safeguarding patient PHI.
Our Healthcare Plans not only meet HIPAA requirements but also provide valuable marketing insights while ensuring the safety of patient personal health information. This allows you to focus on growing your practice with call tracking without increasing the risks you need to worry about.
Leading the field in Call Tracking compliance
For healthcare marketers, call tracking can determine which marketing channels are driving high-value patients, and provide insights into opportunities for staff training and new product offerings. CallRail can help you do all of that while still maintaining compliance with HIPAA regulations.
Our Healthcare Plan has extensive safety measures in place that fit within the new HHS guidelines, and we’ve always been willing to sign a BAA. We’re committed to serving as a true partner you can rely on. If you’re ready to get the most from every phone call without fear of a HIPAA violation, schedule a demo today.
Disclaimer: The information provided in this article reflects our understanding of the HIPAA guidance released on March 18, 2024. This content is intended for informational purposes only and should not be construed as legal advice or a legally binding obligation. Please consult with legal professionals or relevant authorities to ensure compliance with applicable laws and regulations.