8x8 Business Associate Agreements Help Dental Office Comply with HIPAA Regulations
Lots of junk calls, expensive answering services and poor voice quality were just a few of the things that made dental office manager Cheryl Long’s job tough. But the last straw fell when she asked her VoIP provider for a business associate agreement (BAA) to ensure HIPAA compliance and couldn’t get one.
That’s when Cheryl turned to 8x8, a hosted VoIP provider that understands the complexities of HIPAA regulations and network security for medical and dental offices.
Dr. Frank Long opened his Leonardtown, Maryland dental practice in 1984. Today the practice has grown to almost 1,000 patients, with Dr. Long’s wife Cheryl overseeing the practice as the office manager.
As a family business, the Longs pride themselves on customer service. “We see our patients as soon as they walk through the door,” explains Cheryl. “We don’t double-book and we don’t make people wait, especially if it’s an emergency appointment.”
With a limited staff running the office, Cheryl relies heavily on technology to streamline and automate their business processes. For example, she uses a cloud-based patient scheduling software that can be accessed anywhere. However, over the years, finding a phone service that delivers that same kind of quality and convenience has proved challenging.
Landline Service Provider Fails to Block Disruptive Telemarketers
Initially Dr. Long’s office used standard landline phone service from Verizon. Although reliable, the service was somewhat costly—not just in an economic sense, but in terms of wasted time.
“Our office gets dozen of ‘junk calls’ a day from telemarketers,” says Cheryl. “It was a big problem because we only have two phone lines, and we need to keep them clear so our patients can get through. With Verizon, there was no way to block those calls. Every day, we wasted a lot of valuable time dealing with them.”
VoIP Providers Fall Short in Voice Quality and HIPAA Compliance
Cheryl replaced the Verizon landlines with a router-based Sprint phone system. The voice quality was very poor so she also installed a range booster. That helped slightly. But whenever she talked to patients on the phone, they sounded like they were talking through a tin can.
Next, Cheryl installed a low-end VoIP phone system from Ooma which gave her improved voice quality and the ability to block junk calls. Everything seemed fine—until she met with her malpractice advisors about complying with the new HIPAA requirements for securing patients’ confidential information.
“My advisors told me if a doctor or dentist communicates over the Internet or stores information on the Internet, their data security has to be tighter than a drum,” recalls Cheryl. “That requirement applies to phone calls, faxes, email, voicemail messages and anything else that includes confidential patient information.” In other words, most unified communications services.
Her advisors recommended that Cheryl ask Ooma for a BAA to ensure all Internet-based communications in Dr. Long’s office complied with HIPAA’s stringent requirements. But when she approached them, she learned that the VoIP provider could not provide the agreement.
8x8 BAAs Help Companies Comply with HIPAA
Cheryl began searching online for VoIP providers who offered their customers BAAs. After lengthy investigation and contacting multiple providers, only one name came up: 8x8. “I contacted 8x8, and they immediately understood what my concerns were and why I needed a BAA,” she says. “As soon as I heard that, I was ready to roll.” Within two weeks, 8x8 had ported over Dr. Long’s phone numbers and shipped out VoIP phones to the office. The installation of the new phone system went very smoothly,” Cheryl says. “There’s no learning curve with 8x8,” she explains. “Tech support was available whenever I needed help setting up the system. I just told them what I wanted the system to do, and they held my hand through the whole process.”
Firewall Team Delivers Dynamic, Top-Rate Unified Communications Support
Cheryl came to appreciate the expertise of 8x8’s tech support team even more a short while later when the office began experiencing network crashes. Her ISP isolated the problem to the network port used for 8x8 calls, and told her the firewall around the network needed to be reconfigured. “Troubleshooting a business-class firewall is not an easy thing to do,” says Cheryl. “I called 8x8 and was connected to their firewall team. A tech went in remotely and fixed the problem for me in a few minutes. He knew exactly what he was doing, and probably could have done it with his eyes closed! It was dynamic, top-of-the-line support—not something every company offers.”
“Having a BAA was critical for us. You can install the best phone system in the world, but if you don’t have a BAA, you are not protected. I didn’t want to be sweating bullets if we were ever audited for HIPAA compliance. It’s not worth the risk.”Cheryl Long, Office Manager, Dr. Frank Long, DDS
State-of-the-Art Unified Communications Router Gets an A+ in Security
Because Cheryl takes HIPAA compliance very seriously, she appreciates the added layer of network protection offered by 8x8’s state-of-the-art D-link router. Unlike many routers that can be wirelessly hacked by someone driving by, the D-link router uses a graphical password that ensures only authorized users can access it. “Someone outside the office could not hack in to our router,” explains Cheryl. “They would have to physically break in because the password is visual. That extra protection locks down our network and makes it even more secure. I give 8x8 an A+ in security technology.”
8x8 Installs Fax Service in Just One Hour So Emergency Script Can Be Sent
8x8 helped Cheryl avert another crisis when she needed a fax line installed right away. Cheryl hadn’t included fax service in her original 8x8 installation because the office didn’t use fax much anymore and she regarded it as yet another communication channel requiring a BAA.
But then she got a call from an oral surgeon’s office. One of Dr. Long’s patients had been referred there, and the surgeon couldn’t treat her unless Dr. Long faxed over a script.
“Our patient really needed to be seen, and I didn’t want her to get to the surgeon’s office and find out he couldn’t help her,” says Cheryl. “I called our 8x8 account manager at home—in fact, I think I woke him up because he’s three hours behind on the West Coast—and explained the urgency of the situation. He got our fax line installed within the hour! We sent the script to the surgeon and 8x8 saved the day.”
Call Forwarding Rules Effectively Block Junk Calls
Being able to block junk calls is one of Cheryl’s favorite 8x8 features. She simply logs into the system from any web browser using 8x8’s Virtual Office Online, and accesses the Advanced Call Forwarding rules. By creating a call forwarding rule for incoming calls coming from specific telemarketer’s 800, 900 or 407 phones numbers, she is able to route these calls to a busy signal, preventing them from getting through.
“It’s very easy to add new phone numbers to the rule, and only a couple of telemarketers have gotten through after that,” says Cheryl. “It keeps our phone lines clear for patients and saves a lot of time during the day by preventing constant interruptions.”
Mobile App Handles Emergency Calls Without an Answering Service
Cheryl has also come to view the 8x8 system’s mobility features as a “godsend.” Using her cloud-based scheduling software along with the mobile app allows Cheryl to efficiently schedule patient appointments even when she’s at home or away from the office.
What is a Business Associate Agreement?
A Business Associate Agreement is a legal document that a business can provide you with, that documents that the issuing business complies with HIPAA regulations for handling protected health information.
You Could Need HIPAA Compliance—and Not Know It
You might think that HIPAA, a set of patient privacy regulations, doesn’t affect many companies outside of medical providers and insurance providers. But the definition of companies that must comply has been broadened—a lot. Examples of companies that must comply with HIPAA can include health-care related fields such as elder care, and even personnel departments of companies with health coverage. But what really expanded the enforcement scope of HIPPA was including all of the subcontractors or partners of businesses that significantly touch protected health information are also regulated under HIPAA, expanding the number of covered businesses to hundreds of thousands, if not millions.
VoIP Providers Can Aid Your Compliance with a Business Associate
Agreement In particular, most communications providers must now document their HIPAA compliance to preserve the HIPAA compliance of their customers. (Think of HIPAA compliance as a chain. If there are any links or breaks, a company’s HIPAA compliance can be ruined by third-party providers.) The only safe documentation the communications provider can give you is a Business Associate Agreement certifying the absolute security of their service.
So play it safe. Don’t let your unified communications provider torpedo your compliance. Get it in writing, with a Business Associate Agreement. If you think you might need HIPAA-compliant unified communications, go to http://www.8x8.com/Resources/white-papers/HIPAA-Compliance-Business-Phone-Service.aspx.
“Monday mornings used to be a nightmare, because we’d have to try to fit in all the emergency appointments that had accumulated over the weekend,” she recalls. “Now I open my scheduling software and review my 8x8 messages at home on Sunday night. I figure out in advance when to schedule our patients so Mondays are a lot smoother for them and us.”
She has found 8x8’s mobility features particularly helpful when there’s an after-hours emergency. “If a patient calls us after hours because they have an emergency, they don’t have to go through an answering service,” Cheryl says. “I can route after-hours calls to my iPhone and answer them directly. It sure beats having patients leave their messages on our old office phone’s answering machine. 8x8 gives you the ability to answer calls instantly anywhere at any time and helps your office eliminate the old way of retrieving messages. That is real freedom for the doctor as well as the patient.”
Auto Attendant Ensures All Patient Calls are Answered
Auto attendant is another standard 8x8 feature that Cheryl now cannot live without. Doctors and office workers no longer worry about missing a call. When they are busy assisting patients and can’t answer the phone, they’re able to rely on the 8x8 Auto Attendant.
“Auto attendant is absolutely crucial for us,” says Cheryl. “It answers the phone in a professional way so we can focus on the patient who’s in the office.”
Cheryl particularly likes how easy it is to customize the 8x8 auto attendant. By logging in to 8x8’s web-based administration portal, she can quickly record new greetings and prompts and immediately activate them.
“I can change our auto attendant with a snap of my fingers!” says Cheryl. “And I don’t even have to be at the office. If it’s a snowy day, I can stay home and record an announcement letting patients know that our office is closed today because of the weather.”
Call Log Enables Follow-up When Patients Don’t Leave Messages
While many patients leave voicemail when the office is closed or Cheryl is busy, others do not. Cheryl uses the 8x8 call log to track incoming calls and return calls from patients who don’t leave messages.
“Even though our patients don’t always leave messages, they love it when I call them back and say ‘I noticed you called us earlier. How can I help you?” she says. “It’s a great way to reach out to patients and bring them into the office. We’re also bringing in more revenue by tracking and following up on these types of calls.”
8x8: a Partner Medical Providers Can Trust with Patient Communications
While Cheryl loves many things about 8x8 unified communications, what stands out for her is the level of trust she now has in her VoIP provider.
“These days you can talk to patients in the office, in the car, at home—almost anywhere,” she says. “And everywhere and every way you communicate with patients has to be secure and meet HIPAA requirements. With 8x8 I know we’re covered across the board.”
She also points to 8x8’s commitment to customers, even those who may not be “tech-savvy.”
“8x8 spoils its customers,” says Cheryl. “Most doctors and dentists don’t know much about communication technology, but 8x8 does. They make sure their customers are taken care of 24x7, and they have the utmost respect for women in business. I’m thankful every day for the service and support we get from 8x8.”