HIPAA compliance will be getting more complicated in 2023. The penalties and fines for non-compliance could cost you a lot. So, donβt get caught on the back foot.Β Β
The latest Centers for Medicare and Medicaid Services (CMS) rules include new guidelines on protecting patient health information. The impact extends HIPAA beyond its current call recording rules and βcovered entitiesβ now includeΒ US insurance companies, third-party marketing organizations (TPMOs) and the healthcare sector that promotes healthcare products. Β
The CMS Final Rule 2023 went into effect in September 2022 and applies to enrollments from January 1, 2023.Β Β
Colossal Impact on Call RecordingΒ
The CMS Final Rule will have a significant impact on call recording compliance. Companies, who until now have made do with the native recorders that came with traditional hosted telephony, could find themselves in breach of the new regulations. Itβs likely that they will need to upgrade. Β
Native recording solutions have limits. And usually, theyβre not secure. Theyβre not set up for long-term (10-year) storage. They arenβt easily accessible.Β Β
βCMS Final Rule will create a huge increase in mandatory recording across the US,β said Phillip Reynolds, Founder and CEO of Oak Innovation. βThus far, the call recording requirement chiefly affected financial services. Now itβs the healthcare sector which is enormous. Itβs also being driven by celebrity endorsements to sell healthcare products, which in reality arenβt quite as promised. So, itβs a way to regulate the industry,β Reynolds explained.βΒ
CMS Final Rule extends HIPAA to includes business associates and anyone with access to patient information or who provides support and treatment, payment or operations, and those who market them.Β Β
βThe crucial part of CMS Final Rule is that compliance now extends to the TPMO,β Reynolds said. βNow you have to be secure about everything in every way. Thatβs what it says.βΒ
What Are the New CMS Call Recording Requirements?
The new rule applies to all healthcare agents who enrol beneficiaries in new plans.Β Β Β
- Enrollment means all points of contact from awareness to completion of the sale.Β
- Call recording includes all types of video calls and walkthroughs/screen-sharing.Β
- If clients donβt want to be recorded, the call must end.Β
- Every call must include a verbal disclaimer.Β
- Call recordings must be stored in a HIPAA-compliant manner for at least ten years.Β
- Β Recordings must be secure and easily searchable.Β Β
- They must be encrypted and can only be unencrypted at the courtβs direction, or the request of the parties involved.Β
Oak Innovationβs Clarify and ClarifyGo Support CMS and HIPAA
Oak Innovation offers a complete and field-tested compliance call recording solution. Clarify, and ClarifyGo offer the following:Β
- Calls are automatically recorded (no need to press a button manually)Β
- Records video and walkthroughs/screens as well as audioΒ
- 256-bit AES encryptionΒ
- Policy-based access to recordingsΒ
- Reports on CMS and HIPAA-related activity (who accessed which recordings, any deleted, shared)Β
- Recordings can be stored as long as needed (10+ years)Β
- βLegal Holdβ is a feature that tags recordings being used in a legal case to ensure they arenβt automatically deleted after ten years.Β
- Oak provides a policy agreement when providing recording services to the buyer βcovered entityβΒ
- Microsoft Teams and on-premise support.Β
βItβs really about protecting patient confidentiality and patient health information from getting into the wrong hands, Reynolds said.Β
Click here to find out more about Oak Innovationβs Clarify and ClarifyGo.Β
