HIPAA Compliant Live Chat: What to Look for in a Provider

Keeping the flow of new patients into your practice is more important than ever before as we navigate the COVID-19 pandemic. But it can be done, and live chat is one easy way to open new avenues to reach patients and help them reach you. Keep in mind, however, that live chat is covered under the Health Insurance Portability and Accountability Act of 1996, so take the time to thoroughly vet your shortlist before signing on. Here are several things you will want to look for in your live chat provider.

Depth of knowledge about HIPAA

Live chat providers who serve clients covered under HIPAA and have access to electronic protected health information (ePHI) from those clients are also covered under HIPAA as business associates. For that reason, they should be very well versed in HIPAA compliance as it relates to digital communications as well as spoken communications. An experienced live chat provider that isn’t already in compliance with HIPAA but says it can be is not a safe bet.

Not only are the human requirements of HIPAA mandatory, but so too are the technical and the physical requirements outlined in the regulations. Make sure your live chat provider can clearly explain the company’s HIPAA compliance program to ensure you and your patients are protected. Our blog, “Is Live Chat HIPAA Compliant?” spells out how HIPAA applies to ePHI and key requirements for live chat.

Willingness to sign a written HIPAA contract

Because any person or entity who has access to ePHI is covered under HIPAA, it is essential that a contract or business associate agreement be in place that spells out how the live chat provider will manage ePHI and provide the required safeguards. The Department of Health & Human Services document, “Business Associate Contracts” defines 10 points that must be covered in the contract including what uses and disclosures of ePHI are permitted, reporting requirements for disclosures of ePHI that are not permitted, and that the business associate will “implement appropriate safeguards to prevent unauthorized use or disclosure of the information, including implementing requirements of the HIPAA Security Rule with regard to electronically protected health information.” The document also provides a sample contract that delineates each requirement, including optional items that may apply.

Evidence of risk analysis

Just as medical facilities and other covered entities must conduct a HIPAA risk analysis, so too should a HIPAA-compliant business associate. Risk analysis is required as a means of assessing weaknesses, threats and other vulnerabilities in security pertaining to PHI. The findings of risk analysis should be used not only to repair problems but also to assess and refine aspects like the company’s personnel screening process, what data should be backed up and how, what data requires authentication, and how best to protect data transmissions.

It is important to note as well that risk analysis must be an ongoing process. Although the regulation does not specify how often it should be conducted, an annual or “as needed” update of the risk analysis speaks to the level of attention to compliance you can expect of the live chat provider. For more about HIPAA risk analysis, the HHS document “Guidance on Risk Analysis” offers an overview as well as a link to the HIPAA Security Risk Assessment Tool.

Ongoing commitment to HIPAA compliance

Compliance with HIPAA requires that everyone on staff who needs to be is well trained in the intricacies of the regulation and is committed to keeping privacy and security a priority, all day every day. From top management down, HIPAA compliance should be an integral part of how a live chat provider operates. So, it is important that all staff members who have access to ePHI either from the technical side or from the human side, like live chat hosts, be committed to knowing and keeping HIPAA requirements front and center in everything they do.

A live chat provider that is committed to HIPAA compliance will be able to explain how the staff is trained, what best practices are in use, and what processes are in place to address security breaches or other incidents involving ePHI. The HIPAA Journal article, “HIPAA Compliance Checklist” looks at a broad range of safeguards and best practices across the entire HIPAA spectrum that can or should be implemented.

When it comes to live chat and protecting your patients and practice, there can be no shortcuts to HIPAA compliance. At Site Staff, our commitment to compliance runs deep and we want to prove it with a 30-Day Free Trial. Try it and see how HIPAA compliant live chat can change your practice today.