In a recent webinar, CallRail experts and our agency partner Andrew Miller, Co-Founder & VP of Client Services at Workshop Digital, delivered a crucial update on where we stand after the latest U.S. Department of Health & Human Services announcement and the recent Change Healthcare data breach.
Continue reading to discover the latest updates in healthcare marketing and explore strategies to effectively utilize marketing technology and prepare for future threats, all while safeguarding patient data.
Recent healthcare news
HHS update
The Department of Health and Human Services (HHS) made an announcement on March 18, 2024 that the protected health information (PHI) from tracking applications is subject to HIPAA regulations, whether the visitor is a patient or not.
If tracking tech is accessing info regarding an individual seeking health services, that tech has access to PHI. As a result, HHS states that HIPAA-regulated entities need a business associate agreement with a third party or a HIPAA-compliant authorization directly with the individual.
Change Healthcare cyber security breach
A recent cyberattack on Change Healthcare in late February 2024 underscored the vulnerabilities in healthcare data security. Over 100 million people's PHI was potentially compromised, leading to severe disruptions in claims processing and business operations for healthcare providers. The impact on revenue was substantial, with some organizations reporting daily losses exceeding $1 million. The incident highlighted the urgent need for stringent protection of PHI and compliance with HIPAA regulations when utilizing tracking technologies.
How CallRail supports HIPAA compliance
CallRail helps healthcare organizations bridge the gap by offering healthcare plans that support HIPAA compliance, allowing for secure information tracking and communications.
- Call Tracking: Ensures all data is encrypted both ‘in transit’ and ‘at rest’, includes timeout features, audit logs, compliant notifications, and PHI/PII redaction.
- Form Tracking: Submission alerts are sensitive data-free, with PHI/PII redaction and robust network security measures.
- Conversation Intelligence Suite: Offers advanced features like keyword spotting and call recording with built-in PHI/PII redaction, maintaining compliance across all operations.
Compliance tips when using tracking technologies
It’s important to use tracking technology with HIPAA-compliant features, but it’s equally as crucial to understand how to safely and effectively use the technology. Here are a few tips you can take as a user to ensure compliance and safeguard PHI.
- Check compliance with integrations - The same precautions should be in place with all your tech stack integrations as CallRail offers.
- Don’t share user credentials - Create individual logins whenever possible. CallRail logs access by user, timestamp, and IP address for accurate audit logs.
- Export with caution - CallRail maintains HIPAA compliance within the account. When exporting data anywhere else, ensure the environment is secure and compliant.
How agencies are working to avoid HIPAA violations
Agencies are taking proactive steps to prevent HIPAA violations by focusing on education and training for their teams and clients. They prioritize strategic planning that integrates HIPAA compliance right from the project's inception and continually strive for improvement. Agencies actively listen to pain points and challenges, ensuring they recommend HIPAA-compliant tools and reliable partners to maintain robust data protection standards across their operations and client services.
Compliance tips for agencies
For agencies taking in all of this crucial healthcare information, there are three major goals to keep in mind:
- Protect your clients
- Protect your agency
- Protect your clients’ patients
So, how do you do that? Here are some tips to avoid complications with HIPAA.
- Be intentional about account set up and who is an authorized user, making sure redaction is on
- Sign a BAA with your client and with CallRail
- Put covered entities on a healthcare plan
Protect PHI with CallRail and Freshpaint’s new integration
Freshpaint and CallRail recently announced their brand new integration that helps healthcare organizations protect patient data and stay compliant with HIPAA regulations.
Freshpaint bridges the gap between patient privacy and digital marketing by making sure data is never shared with tools that don't support HIPAA compliance. Feeding CallRail data through Freshpaint gives healthcare marketers a one-stop shop for their marketing data, establishing a privacy-first marketing ecosystem with minimal risk while still delivering the high-performance results they’re looking for.
Learn more about the integration here.
