Executive Boutique

CALL US - US: 1-888-700-9555 US | UK: 44-12026-18056 AU | AU: 612-8015-5330 AU| SGP: 65-6653-6528SGP

Philippine Call Center Blog

Preventing PHI Data Breaches in Contact Centers

PHI data breaches

PHI data breaches

PHI data breaches can cause a lot of problems for both the medical organizations and for the patients to which the protected health information (PHI) belongs to.

PHI holders whose information have been breached can experience severe social damage to his or her career, reputation, family, and even lifestyle.

The impact of PHI data breaches are so severe that it can even lead PHI holders to sue the organization and demand compensation for the damages that occurred.

Because of these repercussions, it is highly important for medical establishments to only work with contact centers that are HIPAA compliant and that practice a high sense of PHI data security.

This blog post will cover two important tips on methods that HIPAA-compliant contact centers can use to prevent data breaches.

Our goal at the end of this post is that you’d be able to identify contact centers that use methods and strategies that are aligned with preventing data breaches.

Employing Risk Assessments

Risk assessments involve utilizing a third-party security expert to conduct a thorough check up on the kind of safety and security level that is used in a contact center’s operating procedures.

These experts then give feedback to the agency on how they could improve their safety standards to prevent becoming a victim of possible data breaches.

Consider some of the following scenarios:

  • Agents leaving their desktop computers open and accessible while taking a break, allowing unauthorized individuals to view and even access the PHI.
  • PHI storage devices not utilizing any encryption software, thereby leaving the data easily accessible in the event of the device either being stolen or lost.
  • Agents discussing confidential PHI details among their peers, colleagues, and other individuals who are not authorized to know these details.

Because lapses such as these can sometimes be overlooked, investing in risk assessments would help pinpoint vulnerable areas in a contact center’s information handling and storage.

These lapses and vulnerabilities can then be corrected by the agency via proper employee training or by using the right cyber-security and encryption tools.

Utilizing Uniform Training

Another way of reducing the likelihood of a data breach is to ensure that all employees go through and pass a uniform training program that focuses on HIPAA compliance.

These employees should be fluent with the HIPAA compliance guidelines and should be kept up-to-date with any changes and updates to the Act’s regulations.

The agency’s management should also regularly remind and emphasize to agents the important operating procedures and policies that they need to maintain as they go about their daily tasks.

Some of these procedures could include the following:

  • Agents ensuring that their screens have to be protected from the view of other unauthorized individuals at all times.
  • Agents storing files in secured locations and utilizing secure emails and phone lines when disseminating sensitive PHI.
  • Agents encrypting files before sending them and utilizing password-locks when taking breaks to ensure that unauthorized individuals could not access their devices.

Emphasizing these guidelines and setting consequences for compliance-failure would lessen the chances of data breaches happening because of any lapses on the agent’s part.

What’s Next?

If you’re looking for a HIPAA-compliant contact center to outsource your patient’s PHI handling, storage, and management needs, allow us to help.

Executive Boutique is a fully-compliant HIPAA call center that is well-versed with patient privacy and never overlooks data security.

For more information, click the contact button on the upper-right part of this page to contact us today.

Also, got any questions, concerns, and feedback?

Comment below. We’ll get back to you as soon as we can.

Read More »

5 Effective Tips You Should Implement When Phone Prospecting

Phone Prospecting


Phone Prospecting

“You don’t have to be great to start, but you have to start to be great.” Zig Ziglar once said this.

When phone prospecting, this quote should be at the top of one’s mind.

Cold-calling is a challenging feat, with both parties on a seemingly unpleasant situation. The caller may interrupt the prospect’s day, and both just want to get off the phone as soon as possible. This doesn’t have to be the case.

Listed below are the five effective tips to make you great at what you do.

1. Be a consultant.

Sure you have to be thick-skinned to be a successful prospector, but you don’t have to be the annoying one that prospects want to avoid. Rather, you can position yourself as a consultant, offering honest and helpful advice for your prospect’s situation.

This means that you have to be knowledgeable about the product or service you’re proposing so you can provide the best product that suits them. You should be able to explain it clearly and effectively to different buyer personas.

Armed with your consultative information, this may just be the confident push you need.

2. Write your goals.

Did you know that just by writing your goals, you have a 40% higher chance of achieving them?

Goal setting opens up your mind to a different level of consciousness, ideas, and productivity. Not only that, when you take the time to write down goals, you are also taking a step towards being organized.

Push this further by scheduling your day and planning out your calls, and you’re sure on your way to closing more deals. You can use Google Calendar to help notify you and your prospects about your call appointments.

3. Warm up your calls.

With social media, everyone’s connected somehow. Use this to your advantage by researching on your prospect and following them on LinkedIn or Twitter. Share their posts or favorite their tweets.

In this way, you can understand your buyer’s context more, and you can better position yourself at selling a comparable product or service.

4. Choose the brighter side.

As a telemarketer, you need to generate quality leads, and chances are, you’ll go through an extensive list of rejections before you get to your pot of gold.

Staying positive is not just a practical tip, it’s key to survival. Good vibes not only increase your motivation, but it also leads to greater sales productivity and safeguards your health.

So before you feel the urge to give up, take a breather. Most of the time, its irrational fears that keep you from being great.

Once you take hold of that receiver on a positive note, the fears dissipate. By taking action, not only do you find out how to make things better, but you also silence your inhibitions.

5. Continuously learn.

Innovations are happening all around you, and everyone is learning something new every day. Embrace the training and impartations that your higher ups give. Allow yourself to be coached and open yourself up for nuggets of wisdom. When your prospects challenge your efforts, don’t balk at them. Instead, learn different approaches.

You can make a difference. Challenge yourself every single day and keep learning new ways to motivate yourself.

Now what?

Phone prospecting is vital in any business. This is one effective way to create awareness for your products and services. Here at EB Call Center, we are always training and seeking ways to improve the quality of life for our call center agents. Connect with us through our contact page.

If you find this article helpful, do share it with others. If you have other effective tips that you would like to share, do comment below

Read More »

How BPOs Can Help You With Client Relationship-Building



Bill Gates once said, “An important principle is that companies should focus on their core competencies and outsource everything else.”

It goes without saying that as a self-made billionaire, the Microsoft founder and business magnate knows what he’s talking about.

Do you want to know why Bill Gates is one of the richest men in the world? It’s because he is smart enough to know that he can’t do it all by himself.

In short, he outsourced like a boss.

If you want to be successful in your business, you’d do well to follow his advice.

That said, as a business owner, it’s imperative that you commit yourself to ensuring that your client base is satisfied with your products and services. Because when your customers are happy, increased sales are to be expected.

The Impact of Good Customer Service

According to a study made by International Customer Service Association, companies that prioritize customer service see twelve times the return on sales compared to companies that don’t.

Customers these days, however, expect more from service providers. They expect more than basic customer support service, and at times will look for support through a variety of channels.

If you want your company to establish a good relationship with its client base, you’d do well to outsource call centers that will make and keep your customers happy.

Why? It’s because call centers offer more than providing the “human element” to customer interactions.

BPOs Offer Clients An Integrated Experience

As an outsourcing partner, call centers also offer additional services such as customer analytics, customer management through various channels of service, and established customer retention strategies.

Another obvious advantage in partnering with a BPO provider is that you are relegating a segment of your business to an agency that specializes in that field.

If you want your business to provide excellent customer service, it only makes sense to find an outsourcing partner that concentrates all its resources and expertise in keeping up with consumer demands.

Outsourcing Customer Service Fosters Growth

Once you’ve partnered with an established contact center, the costs and materials for hiring and training employees will cease to be your direct responsibility. This allows your business to save valuable time and resources.

When allowed that amount of breathing room, your company can be in a position where it can leverage its core competencies more.

This creates a ripple effect, resulting in major improvements in many aspects of the business like research and development, performance, productivity, and quality.

Not only does this benefit your business, it also creates more opportunities for better customer service.

Final Thoughts

It’s an established fact that for a company to stay in business, it has to provide quality customer service on a regular basis. It increases brand loyalty and increases the chances of your customers recommending your products and services to others.

As a BPO company, Executive Boutique has an impressive track record in providing the dedicated customer service that every business requires in achieving its strategic goals. Are you in need of our services? Then reach out to us now using our contact form. Cheers!

Read More »

Four Reasons Why Contact Centers Need to Have a Positive Work Culture

Contact Centers


Contact CentersDo you ever wonder how customer-oriented call centers continue to maintain excellence in providing quality service?

Three words: Positive Work Culture.

Merriam Webster defines culture as a shared set of values, beliefs, practices, and goals within an organization.

Simply put, it is our shared identity — who we are whenever our bosses aren’t in the room, or how we respond whenever faced with forks in the road.

Here are four good reasons why contact centers need to have a positive shared identity in the workplace.

1. Corporate unity

Creating a shared positive culture allows agents to align their heartbeats to that of the organization.

Whenever these employees are placed in conflicting situations, these individuals can always make responses that benefit the agency despite the lack of clear-cut instructions on what exactly to do in the employee handbook.

Because the company practices a lifestyle out of embracing organizational values and interests, these agents are able to exercise discretion that forwards company goals because of their awareness and constant application of such.

2. Increased motivation

Sharing a collective identity makes agents more concerned about the success of the entire organization and not just their personal interests.

A study published in Harvard Business Review show customer satisfaction levels to be linked to employee motivation factors as determined by strong workplace cultures. The same article also revealed a connection between organizational drive and increased revenue production.

Patty Vogan, a leadership columnist of Entrepreneur.com, believes that creating an atmosphere of positive culture in the workplace starts and ends with top management.

Agents look towards company leaders when forming their ideas and beliefs of organizational culture before adopting and integrating these norms into their personal drives.

3. Improved retention

Stronger company cultures result in more employee talents being retained.

Departments of an insurance company that aligned its workplace environments to company culture were found to have 30% less turnover as compared to the other units.

The lower churn rate would translate into lesser organizational expenses spent on hiring and more chemistry among your team’s agents.

One reason why individuals immersed in company culture choose to stay is that of the feeling of being part of an extended family. An article from Catalyst.org shows that almost 50% of employees who shared organizational values feel a greater sense of inclusion at work.

4. Brand image

The type of identity we share inside our organization can be seen by potential employees and customers from the outside.

Treating employees well and having a light and fun workplace environment may cause prospects to see and believe that your company’s brand is filled with laughter and generosity.

One study shows that college students are willing to accept 7% less starting pay just to be in organizations that have cultures they appreciate. Another article in Forbes shows that millennials are willing to trade $7,600 worth of salary per year for better work environments.

Even another publication showed that 70% of millennials would opt to spend more money on brands that support causes that these individuals care about.

What are your thoughts?

We believe that positive culture is essential to the developing excellence in the contact center workplace. It is because of these values and beliefs that we hold and practice that we are confident in providing outstanding customer service to our clients.

How about you? Do you agree with the importance of positive work culture in the organization? And what values and practices do you uphold in your company?

Let us know in the comments below.

(If you are looking for solutions to improve your workplace culture, then contact us.)


Read More »

Attractive Incentive Schemes That Call Centers Should Consider

Call Centers


Call Centers

As a service-oriented outbound call center, we give the best of what we can offer not just to our clients on the other side of the phone, but also to our hard-working agents as well.

We firmly believe that offering our employees amazing benefits, rewards, and bonus packages will allow their joy and zeal to extend beyond the four corners of our office and even impact our customers that’s calling from across the globe.

If you’re in the process of putting together an incentive scheme to motivate your team, then you’re in the right place.

We’re going to talk about four tried and tested incentive schemes that you can use to encourage your team to perform better.

1. Paid Time-Off

Perhaps the best reward that agents in the call center industry could be given is to receive breaks and leaves that are fully compensated by the company.

According to CakeHR, the top incentive that employees wish to have the most are more vacation days. To be precise, 30% of company workers would like to have this paid time-off.

Compensated leaves come with a good amount of benefits to both employers and employees. Improved work ethics in the call center would perhaps be on top of the list of direct consequences, as agents would less likely call-in unexpectedly due to their time-off flexibility.

The vacation leaves would also allow employees to have an improved level of work-life balance. Giving agents the opportunity to relax would cause them to return feeling refreshed and motivated to tackle your client’s calls.

2. Peer Recognition

One of the best ways to not only to make your call center agents happy but also to boost their work performance and outputs is to utilize employee acknowledgment strategies in your incentive schemes.

An article in Forbes shows that 83% of organizations experience a deficit in recognizing their staff for their hard work. These companies were shown to be underperforming as compared to their peers.

Recognizing agents for their hard work packs a punch with respect to motivational impact.

Giving the due esteem to strong output producers encourages friendly competition between co-workers who would like to obtain the same level of appreciation as well.

The prestige that comes with being acknowledged by company management drives underdogs overlookers to step up their game. At the same time, performers are forced to strive harder if they want to maintain their status.

3. Company Freebies

Free merchandise, gift certificates, tickets, coupons, and offers are the kinds of perks that are often well remembered by call center agents.

Jerod Foos mentions that more than 65% of employees believe that travel packages and company freebies linger in their memories longer than cash benefits do. This tendency may have something to do with the sentimental value attached to these rewards.

It’s also worth mentioning that a merchandise that has the brand name and logo of your business plastered onto it may boost employee loyalty and retention rates.

Every time an agent would use a freebie that has your call center’s icon attached to it, they get to notice words and images related to your company. These employees can then associate these details with the good memories and values your organization carries.

4. Cash

Cash incentives are one of the most commonly used strategies for keeping employees happy.

What makes this incentive scheme remarkable is the fact that it is effortless to distribute. Employers can quickly add the money to their call center agents’ paychecks or even distribute the cash up front.

One of the downsides to cash investments, however, is the fact that it can cultivate the wrong mindsets in your employees.

According to Wharton, giving your staff strong financial incentives may lead them to overlook ethical boundaries in their workplace. Employees tend to take the shortest route to obtaining these benefits — believing that the end justifies the means.

Your thoughts?

Employees are the bread and butter of your company. Their excellent customer care and service are core factors in generating revenue for your company. It’s exactly because of this that keeping your agents happy and motivated is of prime importance to maintaining their performance at optimum levels.

What kind of incentives have you offered your employees? Did it ever like it? Did it resonate with them?

Please share your experience in the comments section below. Cheers!






Read More »

Frequently Asked Questions Business Owners Have on PCI Compliance

PCI Compliance

PCI Compliance

Let me guess: You want to learn more about the Payment Card Industry (PCI), don’t you? However, with all the things that you need cover, you can’t help but feel overwhelmed. As a PCI DSS compliant call center, we’re here to help you with just that — learning about PCI compliance.

We’re going to walk you through some of the basics of the industry, hoping that we’ll be able to address the burning questions that you have about it.

Today, we’re going to do this by answering ten common queries that a lot of first-timers have on PCI compliance.

Without further ado, let’s hop right in.

1. What is the PCI DSS?

PCI DSS stands for the “Payment Card Industry Data Security Standard.” This is a set of security protocols and guidelines designed to make sure that all companies that accept, store, process, or transmit any credit card information would maintain a secure environment.

2. What is the PCI SSC?

PCI SSC stands for the “Payment Card Industry Security Standards Council.” This council is a body launched last September 7, 2006 for the management of the growth and changing dynamics of security standards in the PCI.

The PCI SSC administers and handles the PCI DSS and focuses on enhancing account security through the payment and transaction process. This body was made by leading payment card brands, namely: MasterCard, Visa, Discover, American Express, and JCB.

3. Is the PCI SSC responsible for enforcing compliance?

No. The acquirers and payment brands are responsible for compliance enforcement, not the PCI council.

4. Does the PCI DSS apply to my business?

If your company transmits, stores, or accepts any cardholder data, then the PCI DSS applies to your organization no matter its size or transaction amount.

5. What is a merchant?

A merchant is any entity that accepts any payment card that bears a logo of any of the PCI SSC members for payment of goods or services.

6. What is an acquirer?

An acquirer is an entity that processes transactions for merchants. These entities are usually financial institutions and are explicitly defined by a payment brand as such. Other names that it may carry include “acquiring bank,” “merchant bank,” and “acquiring financial institution.”

7. What is a service provider?

A service provider is any entity

  • That is not a payment card brand; and,
  • That is directly involved in cardholder data storage, processing, or transmission.

8. Can a merchant also be a service provider?

Yes. If your company stores, processes, and transmits cardholder data, and if your organization also accepts payment cards as a payment for services or goods, then your business is both a merchant and a service provider.

9. Are there penalties for non-compliance?

Yes, there are. If non-compliance is spotted, payment brands may fine a bank $5,000 to $100,000 each month for every violation. The bank would usually pass along the fine until it would eventually reach the merchant.

Also, banks may either increase transaction fees or terminate your relationship depending on the violation performed.

10. What happens if my business chooses not to cooperate?

PCI DSS is not a law and just a standard. However, merchants who do not comply with PCI DSS may receive fines at the discretion of service providers and acquirers if a violation was spotted.

Also, any breach events that occur may incur forensic audits and card replacement costs from these acquirers or service providers.

What’s next?

Do you still have more questions about PCI compliance?

Let us know about them in the comments below.

(Note: If you’re looking for a PCI DSS compliant call center to help administer your customer’s sensitive authentication data. Contact us now.)

Read More »

What Every Business Owner Needs to Know About PCI Compliance

PCI Compliance


PCI Compliance

Regardless of the type of industry that your business is in, security is one of the crucial things that you shouldn’t neglect. As a PCI DSS compliant call center, we’d like to share this guide with you to help you in keeping your business secure with PCI compliance.

If you’re new to PCI compliance and are wanting to learn about how it works, then this guide is certainly for you.

Let’s hop right in.

What is PCI DSS?

PCI DSS means “Payment Card Industry Data Security Standard.” This was created by the PCI Security Standards Council — a global body comprised of five major card brands located worldwide.

These five companies include:

  • Visa Inc.
  • MasterCard
  • JCB International
  • Discovery Financial Services, and
  • American Express.

This standard aims to reduce credit card fraud by placing safeguards on how sensitive authentication data is stored, processed, and transmitted. Any companies using any one of the five card payment systems are required to comply with the regulations set by the council.

Why is telephone card payment security essential?

Many regulatory bodies require companies to record and store phone conversations in different situations. In line with this, many fraudsters are currently shifting towards the telephone-order medium to steal data due to increased security and risk-mitigation factors in e-commerce environments.

Because of this regulatory compliance to other authorities, organizations who take customer card details over the phone may be exposing the obtained cardholder data to unnecessary risk due to being in contravention of the established PCI DSS requirements.

What are PCI DSS compliant call centers?

In a nutshell, call centers who comply with the PCI DSS standards have to ensure the following requirements:

  • Implement and maintain an appropriate sensitive-authentication-data retention policy;
  • Mask the primary account number of customers whenever it is displayed;
  • Render the customer’s primary account number as unreadable whenever being stored;
  • Encrypt the cardholder data before transmitting it through public networks;
  • Implement proper user authentication for agents, staffs, and administrators;
  • Adhere to a security policy on information;
  • Label, inventory, and render unreadable any media that is used to record information as guided by PCI DSS requirements; and,
  • Implement all PCI DSS requirements.

How do I know if a call center is PCI DSS compliant?

You can identify if call centers who take over-the-phone credit card details are PCI compliant or not.

Ask them to prove how they comply with PCI DSS regulations, and ask them to explain to you how they eliminate any sensitive authentication data from their recordings. This removal of data ought to be automatic and with no manual intervention from the staff.

What’s next?

If you’re looking for a PCI DSS compliant call center to help you with administering your customer’s sensitive authentication data, then contact us now.



Read More »

Your Ultimate Guide to HIPAA – Part Two

Guide to HIPAA

Guide to HIPAA

Welcome back to our ultimate guide to HIPAA series. We’re at the second part of our three-part series, where we dissect the ins and outs of the HIPAA guidelines. As a HIPAA compliant call center, we decided to run this three-part series to help you have a better understanding of how HIPAA words.

Let’s get back to where we left off.

On healthcare fraud and abuse prevention, administrative simplification, and medical liability reform

Title II of the HIPAA defines guidelines, policies, and procedures for how the security and privacy of identifiable health information of individuals ought to be maintained. Title II also outlines a number of offenses related to healthcare and sets the criminal and civil penalties for the violations of such offenses.

Though several programs were created under Title II to limit abuse and fraud within the healthcare system, perhaps its most significant provisions are its administrative simplification rules.

The title required the Department of Health and Human Services (HHS) to formulate rules that focus on increasing the current health care system’s efficiency by creating standards for healthcare information use and dissemination.

These rules are applied to what HIPAA and the HHS define as “covered entities.” These entities include health care providers with healthcare data transmission regulated by the HIPAA, health plans, and healthcare clearinghouses (such as community health information systems and billing services).

As required by Title II, five rules were promulgated by the HHS regarding Administrative Simplification, namely:

  • The Security Rule;
  • The Enforcement Rule;
  • The Privacy Rule;
  • The Unique Identifiers Rule; and,
  • The Transactions and Code Sets Rule.

Security rule

The Final Rule on HIPAA’s Security Standards was announced on February 20, 2003, taking effect on April 21, 2003, with its compliance date of up to April 21, 2006.

The Security Rule specifically deals with Electronic Protected Health Information (EPHI). Three types of security safeguards were laid out and required for compliance, namely: administrative, physical, and technical.

The rule has identified various security standards for each type, and it also named both addressable implementation specifications and required specifications for each standard.

Required specifications are those that have to be adopted and administered as how the rule stipulates and dictates. Addressable specifications, on the other hand, are more flexible, as individual covered entities are given the privilege to evaluate their situation with these types of specifications and determine what the best way of implementing these are.

The complete details on the specific standards and specifications of the security rule can be read by clicking on the link in the resource section of this guide.

Enforcement rule

The HHS issued the Final Rule regarding the implementation of HIPAA on February 16, 2006. This rule took effect on March 16, 2006.

The Enforcement Rule has civil money penalties set for violating HIPAA standards and also has procedures for hearings and investigations for HIPAA violations established, as many years have passed with only a limited number of prosecutions for violations.

As of March 2013, there have been over 19,306 cases investigated by the HHS that have been resolved by requiring corrective actions or changes in privacy practice.

There have been many complaints investigated against multiple types of businesses, such as primary healthcare centers, national pharmacy chains, hospital chains, insurance groups, and other small providers.

According to the official website of HHS, the following is a list of issues that have often been reported according to frequency:

  • PHI misuse and disclosure;
  • No protection where health information is located;
  • Patients not being able to access their medical information;
  • Disclosing or using more than the necessary minimum amount of protected health information needed; and,
  • No electronic protected health information safeguards.

Privacy rule

The Privacy Rule’s effective compliance date was April 14, 2003, with a year’s worth of extension for “small plans.”

The Privacy Rule of HIPAA regulates how Protected Health Information (PHI) that are held by covered entities are being used and disclosed. Per HHS regulation, the HIPAA privacy rule is also extended to independent contractors working with covered entities that fit the definition of “business associates.”

PHI is any information that is held by a covered entity that involves healthcare payment, healthcare provision, or health status that possibly can be linked to an individual. This definition of PHI is interpreted quite broadly and also includes any portion of a person’s payment history and medical record.

Within 30 days upon request, covered entities have to disclose PHI to requesting individuals. They are also required to disclose PHI whenever required to do such by law.

However, covered entities are not allowed to disclose PHI without the patient’s written expressed authorization for health care operations, payment, or to facilitate treatment. Any other PHI disclosure requires written consent from the individuals to be obtained by covered entities.

Also, when covered entities disclose any PHI, a reasonable effort has to be made to keep the necessary information disclosed to the bare minimum needed to achieve its purpose.

Unique identifiers rule

HIPAA covered entities are required to use the National Provider Identifier (NPI) to identify health care providers that are covered in standard transactions starting from May 23, 2007 (or May 23, 2008, for small health plans).

All covered entities that use electronic communications, such as health insurance companies, hospitals, physicians, and so forth, have to use a single new NPI starting May 2006 (or May 2007 for small health plans).

Though NPI replaces all other types of identifiers used by Medicaid, Medicare, health plans, and other government programs; the NPI still does not take the place of the tax identification number, state license number, and DEA number of a provider.

The NPI contains ten digits, may be alphanumeric, and has its last digit as a checksum. The NPI is simply an ordinary number that does not provide any additional meaning in itself and does not contain any intelligence embedded within it.

The NPI is never re-used and is unique and national. Except for institutions, a provider usually can have only a maximum of one. Organizations may obtain multiple NPIs if they have different parts or subparts of itself, such as a rehab facility or a freestanding cancer center.

Transactions and code sets rule

With intentions to make the current healthcare system in the United States much more efficient by having healthcare operations standardized, HIPAA added to Title XI of the Social Security Act a new Part C that is titled “Administrative Simplification.”

This added part aims to simplify healthcare transactions by necessitating health plans to engage in all healthcare transactions in a format that is standardized.

Health plans that are covered by HIPAA are now required to use standardized electronic transactions. A number of electronic data interchange transactions are currently being used for HIPAA compliance. More about this can be read about by clicking the link in the resource section below.

HIPAA violations

HHS received about 91,000 complaints between April 2003 and January 2013 for HIPAA violations. 22,000 of these led to various kinds of enforcement actions, while 521 resulted in criminal action referrals to the Department of Justice.

There are two types of penalties that can be incurred: civil penalties and criminal penalties. The most prominent difference between the two is that civil penalties do not include imprisonment while criminal penalties do.

For a clear comparison of the differences of civil and criminal penalties, the following are some examples of violations that may incur civil penalties:

  • Individuals not knowing that they violated the HIPAA even after exercising reasonable diligence;
  • HIPAA violation that is due to reasonable cause but not due to willful neglect;
  • HIPAA violation that is due to willful neglect, but the violation was corrected within the specified or required time; and,
  • HIPAA violation that is due to willful neglect and was not corrected.

While the following are examples of violations that may incur criminal penalties:

  • Specified individuals and covered entities who “knowingly” disclosed or obtained individually identifiable PHI in an unauthorized manner;
  • Offenses that were committed under false pretenses; and,
  • Offenses that were committed with intent to transfer, sell, or use individually identifiable PHI for personal gain, commercial advantage, or malicious harm.

Part three of your ultimate HIPAA guide soon

While we tried our best to add the most crucial parts of the second title of HIPAA, the guide we shared is by no means complete.

If you still would like to read more on the contents of Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform of the Health Insurance Portability and Accountability Act of 1996, do check out the resource section of this guide, and click on the link below.

Stick around for Part Three of Your Ultimate Guide to HIPAA.

(Note: If you are looking for a HIPAA compliant call center to assist you with administering your customer’s sensitive medical records. Contact us now.)



Read More »

Your Ultimate Guide to HIPAA – Part One



Let me guess: You want your patients’ medical records handled with utmost care and security, don’t you? That is why you’re looking for a HIPAA compliant call center to partner with, so you can be confident that the way your customers’ medical records are handled is in accordance with the HIPAA guidelines. Of course, we can help you with just that since we are a HIPAA compliant call center.

However, in addition to supporting you through our services, we’d also like to bolster your current understanding of the act by educating you with the ins and outs of HIPAA.

We’re going to run a full-blown series talking about the guidelines and workings of HIPAA. At the end of the series, we hope that you’ll have a better understanding of how HIPAA works, so that you can stay compliant and avoid the hefty fees that comes with violating their rules.

Let’s hop right in.

HIPAA in a nutshell

If you didn’t already know, HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of 1996.

It is an act that was enacted by the U.S. Congress on August 21, 1996, and was also signed by President Bill Clinton in the same year. It’s also known as the 191st Public Law of the 104th U.S. Congress.

Other names that it goes by is the Kassebaum–Kennedy Act or the Kennedy–Kassebaum Act, which is named after two of its main leading sponsors.

It’s official long title is: “An act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

The long title above mentions multiple actions that HIPAA covers. Parallel to the aforementioned enumerated processes that the act aims to accomplish, HIPAA is seen to be divided into a total of five different “titles” or parts in its table of contents, namely:

  • Title I: Health care access, portability, and renewability
  • Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform
  • Title III: Tax-related health provisions
  • Title IV: Application and enforcement of group health plan requirements, and
  • Title V: Revenue offsets

Let’s start this series by tackling the contents of each of these titles bit-by-bit. We are going to dive into each of these titles, and take a closer look at what each title is all about.

Up first is the healthcare title.

On health care access, portability, and renewability

The first title of HIPAA contains how the breadth and availability of some individual health insurance policies and group health plans are now regulated.

It amended acts such as the Public Health Service Act, the Employee Retirement Income Security Act, and the Internal Revenue Code.

Group health plan coverage and limitation

The first title requires that group health plans would cover individuals that have preexisting conditions. This title also limits the restrictions that a group health plan could place on the benefits for preexisting conditions.

The way it works is that group health plans could choose to refuse to provide benefits that are related to preexisting conditions for a term of 12 months after being enrolled in the plan or a period of 18 months in cases of late enrollment.

Title I also allows individuals to have the exclusion period of their group health-plan reduced depending on the amount of time of “creditable coverage” that they had right before enrolling in the plan. It also allows individuals this exclusion period reduction after “significant breaks” in coverage.

For a quick definition of these terms:

  • “Creditable coverage” has a broad definition, but includes almost all individual and group health plans, Medicaid, and Medicare.
  • “Significant breaks” in coverage is operationally defined as any 63-day time without any creditable coverage.

Title I comes with an exception though that allows employers to tie premiums and copayments to body mass index and tobacco use.

Another thing that the title requires is that policies ought to be issued without exception to individuals that are leaving group health plans with a creditable coverage that exceeds over 18 months.

This title also requires insurers to renew individuals regardless of health condition and without exclusion so long as these policies are being offered, or to provide alternatives instead to the plans that are discontinued so long as the insurer would stay in the market.

Exemptions on Title I requirements

Some health care plans are exempted from the Title I requirements as mentioned above.

Some of those that are exempted include long-term health plans and other plans that are limited in terms of scope, such as vision and dental plans that are often offered separately from general health plans.

However, if the general health plan includes the benefits mentioned above, then the HIPAA still applies to those kinds of benefits.

For example, if dental benefits are included in the new plan offer, then it has to count the creditable continuous coverage that is under the old health plan in determining any of the plan’s exclusion periods for dental benefits.

Alternate methods of calculating creditable coverage

Available as well to the health plans that are under Title I is an alternative method of calculating creditable continuous coverage.

There are categories of health coverage that can be considered separately, and these benefits, if offered separately, are not subjected to HIPAA requirements, such as:

  • Limited scope vision and dental benefits;
  • Nursing home care benefits;
  • Long-term care benefits;
  • Community-based care benefits;
  • Home health care benefits;
  • Any combination of the previous four benefits mentioned above, and;
  • Other similar limited benefits that are specified in regulations.

Anything that is not under the categories mentioned above has to use the general calculation.

A practical example for this would be to have the beneficiary counted with 18 months of the general coverage but only for six months of dental coverage because of how the beneficiary did not get a general health plan that was able to cover the dental plan up until six months before the application date.

Other features and concerns of Title I

There’s this odd case that exists in which applicants who enter into general group health plans cannot obtain certificates of continuous creditable coverage for independent limited-scope plans, so that they could use these certificates to apply towards the exclusion periods of the plan because of how the limited-coverage plans are exempted from HIPAA requirements.

Also, Title I does not allow the validity of hidden exclusion periods.

Clauses, such as “To be covered, the accident must have occurred while the stated beneficiary was covered under the same health-based insurance contract,” ought not to be acted upon and imposed by the health plan, and has to be re-written as to comply with HIPAA standards.

There is even more guidelines and details mentioned in Title I: Health Care Access, Portability, and Renewability of the Health Insurance Portability and Accountability Act of 1996.

However, despite all that we’ve tackled so far, we are still just scratching the surface as compared to all the contents that the first title of the act has to offer.

If you would like to read more on the contents of Title One, or if you would like to read more about the whole HIPAA itself, you could find the link to its official publication on the Government Publication Office website down in the Resource section below.

More about HIPAA soon

We are going to end the Part One of our series here. I hope that you’ve found value in what you’ve read so far.

For a teaser on the upcoming article, we are going to be continuing our extensive yet easy-to-read discussion on what HIPAA is all about and on why call centers have to be HIPAA compliant.

In the next article, we will be continuing with the next title in the list of titles under HIPAA, Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform.

We will be explaining what this second title of the act is all about, and we would also be going over significant topics under the title that are highly relevant towards getting closer to explaining why you need a HIPAA compliant call center.

A brief look into some of the topics under Title II that could be read in the upcoming article would include contents of the enforcement rule, the unique identifiers rule, the security rule, the transactions and code sets rule, and the privacy rule.

These are just some of the insights that you would be getting regarding the HIPAA in the next article.

So, stay tuned for Part Two of our Ultimate Guide to HIPAA.

(Note: If you’re looking for a HIPAA compliant call center to help you with administering your customer’s sensitive medical records. Contact us now.)



Read More »

Celebrating Thanksgiving

© BVDC / Dollar Photo Club

Today marks a special day for the United States and all Philippine call center employees who have American clients. Thanksgiving Day is one of the most important holidays in the year. Though it is important to be thankful every single day, Thanksgiving is the day to celebrate its appreciation, meaning and reflection. It also means no work for most call center agents.

There is always something to be thankful about. From the roof on your head, the shoes on your feet, the people who keep you company or the call center outsourcing office you are employed at.

If you are still not convinced of how blessed you are, here are some things at work that are very important but have been neglected because it is always there.

Internet access, air conditioned rooms and comfortable seats are not available at every workplace. Think about it and be thankful since many have to work under the heat of the sun or sit at chairs with no back support.

Philippine contact center employees are paid above the minimum wage. Aside from monetary and health benefits, call center agents also have many learning opportunities such as the ability to improve their communication skills through training and coaching.

A supportive, understanding and approachable management is also something to be thankful for. Working for a good boss is very motivational and not everyone has the privilege of doing so.

Another thing to be grateful for is being around colleagues that are helpful and nice.

The most rewarding aspect of being employed in a Philippine outsourcing company is the sense of importance and worth. Call center agents are essential in providing customer service and to their families as they bring home the bacon.

What are you thankful for? Share your thoughts and be sure to let your friends and family know too. Happy Thanksgiving and enjoy the rest of the weekend!

Read More »