Executive Boutique

CALL US - US: 1-888-700-9555 US | UK: 44-12026-18056 AU | AU: 612-8015-5330 AU| SGP: 65-6653-6528SGP

Customer Support

5 Best Practices in Earning Positive Customer Satisfaction Consistently

Customer Satisfaction

Customer SatisfactionIf there is a key performance indicator in the call center industry that can easily top all others, it would be customer satisfaction.

For one thing, the customer satisfaction metric can very well be the measure of how your customers perceived the overall quality of service that they received from your support team. If they perceived the support that they garnered as air-tight, then you can bet that your customer satisfaction would easily skyrocket.

Usually, the data is gathered through surveys given to customers right after their interaction with your team. The survey can be conducted through phone calls, emails, or online forms (among other things).

Here are five best practices that we use outsourcing support services in the Philippines to get a positive customer satisfaction rating consistently.

Improve service level

One of the best ways to keep a positive customer satisfaction is to have an amazing service level.

From a bird’s-eye view, the service level is the length of time that your customers wait from the time they call until an agent picks up the call.

By striving to cut their waiting time, the faster that they can get their issue resolved and the quicker they can get off the phone.

Under-promise but over-deliver

Another great tip is to under-promise but over-deliver. This is the secret of many successful organizations.

You do this by setting your customers’ expectations, then doing everything you can to deliver better results than what you promised.

For example, when your customers are told that the order is to be shipped in three days, you can surprise them by shipping their purchase in one or two days.

Fulfill unstated needs

There are many things that are important to your customers that they do not verbalize during their interaction with your team. These are often called “unstated needs.”

For example, a customer who is paying a bill over the phone or by sending in a check can benefit from an auto-debit arrangement. That way, their bills get paid automatically saving them time.

You can teach your agents to find ways to identify and fulfill your customers’ unstated needs.

Callback

Another great way to improve your customer satisfaction is by making a callback.

This is appropriate when the call was cut off unexpectedly, when things did not end well, or when issues are left unresolved.

A callback makes your customers’ life easier as it saves them a whole load of time waiting again on the phone and they can to talk to an agent who already knows their issue.

Personalized interaction

The last technique to get positive customer satisfaction is by building a human connection.

Your customers don’t want to hear a canned response from your support team. Instead, they want to be able to speak to someone who is not only capable of resolving their issues, but also someone who understands their situation as well.

That being said, train your agents to polish their communication skills and to develop a personable character to make each interaction they make with their callers a personalized, productive, and a meaningful one.

Conclusion

All the above tips have one thing in common: they are all about walking the extra mile for your customers.

By making sure that they have great service experience with your call center agents, you can raise your likelihood of being able to consistently earn positive customer satisfaction.

Read More »

5 Ways to Helping Your Customer Support Team With Managing Their AHT

Customer Support AHT

Customer Support AHTIn running a call center, your customer support team will be required to pass several key performance indicators including average handling time.

Average handling time (AHT) is the number of minutes it takes for a call to get resolved from start to finish.

Usually, it is measured from the moment the agent hears a ring that signals the arrival of a caller to the end of the call.

Having your customer support team meet or exceed AHT target is essential in maintaining good performance in your call center as it ensures that there are enough people to answer incoming calls.

Therefore, here are the top 5 tips in helping members of your customer support team with managing their AHT.

1. Provide training

The goal of training is to help new employees get up to speed in terms of reaching expectations on AHT.

Without proper training, the newly hired agents will have a hard time in developing the right skills and will take a longer learning curve in managing their targets.

So the first thing you can do is provide excellent learning opportunities in the use of tools, customer relations management (CRM) software, and systems.

Through demonstration and actual exercises, they can learn how to be more efficient in navigating around desktop tools and applications.

2. Put up a transfer flow chart

If you are running a big call center organization that is composed of different departments and there are transferred calls, you may want to build a transfer flow chart.

A transfer flow chart quickly tells an agent whether the issue raised by the caller is within his or her scope of responsibility or will need to be transferred to another expert such as technical support.

For one thing, it is a win-win solution. It ensures that issues are resolved by the right people.

Also, it avoids having long-winding conversations that might upset the caller if they are told that all the time they spent was for nothing because they have to talk to someone else.

3. Develop active listening

Additionally, you can help your customer support team to develop active listening.

Through active listening, your agents and the caller can maintain clear communication. This prevents any misunderstanding and helps in knowing the exact issue and providing the proper resolution immediately.

4. Give tips on how to deal with runaway callers

Furthermore, you can also give tips on how to politely deal with runaway callers, people who are likely to start and continue talking off-topic which can lead to longer calls.

For example, you can give sample spiels that can acknowledge what the caller is saying and then quickly turn the conversation back to the issue.

5. Share best practices

You can also nurture a culture of collaboration and mentorship.

This can be done by either asking the leader of the customer support team to continuously coach or requesting each member to partner with another member and share feedback.

In the process, it helps make sure that best practices are freely shared around, helping everyone to manage their AHT successfully.

Wrapping it all up: keeping tabs on performance

After you have implemented the above action plans, the next thing you need to do is to regularly monitor and let people know of their performance.

You can do this by putting up a stat board or sending email to all the members of the customer support team with individual and team AHT levels.

By giving them the opportunity to be more efficient and to know about how well they’re doing, you can help your customer support team to reach AHT goals.

Read More »

4 Ways to Establishing a Better Relationship with Your Partner Contact Center

contact_center

contact_centerA good number of companies are outsourcing their business processes to contact centers for a variety of reasons.

For one thing, outsourcing allows them to focus on their core businesses while handing off tasks such as customer service, technical support and telemarketing to companies that are specializing on them.

Because contact centers interact with your customers regularly, building a great working relationship with them is vital for your company’s success.

They are your ears and eyes on how well you are doing in serving your customers. Their feedback will be crucial in improving many aspects of your business, allowing you to stay on top of the game.

Here are four ways for you to build a better relationship with your partner contact center.

1. Communicate your needs

Your business is unique in a lot of ways.

From the delivery of your products and services to target customers, you will have particular goals, needs, and preferences that you have to communicate to your contact center all the time.

For example, you might be looking for representatives with experience in outbound sales or a technical support expert with a background in web development.

Hiring talents is just one area where you will need to be clear about your needs.

You might also want certain processes in dealing with return order, customer complaints, or underperforming representatives.

By being transparent about what you want, your contact centers can fluidly execute action plans that will better fit your business.

2. Hire an account manager

An account manager is a liaison officer between you and the contact center.

You might need one especially when your business is rapidly growing, you are serving a large customer base, or you are contracting several contact centers in many different locations.

An account manager will be responsible in maintaining channels of communication, meeting managers and representatives on site, and following through mutually agreed business terms.   

3. Keep a listening ear

Another way in keeping a great relationship with your contact center is to listen to them.

They offer valuable insights about your customers especially that they interact with them every day. They can help you find ways to further enhance customer experience and identity areas of improvements.

Additionally, you can also benefit from their feedback on how you can improve your business processes and tools.

Most of all, they feel valued as an integral part of your company when you listen to them and respond positively on their constructive feedback.

4. Give incentives

When they do a great job, reward them. It will be advantageous to your bottom line if you do.

Rewarding excellent work will encourage them to always meet or even exceed your expectations.

You can give incentives to teams, representatives, or managers who are doing well in sales, customer satisfaction, and other business processes.

In turn, your customers are going to be taken care of by motivated people. They will stay as a fan of your business which can translate to increase in repeat sales and boost your company’s overall reputation.

Your next steps

Treat your contact centers as you would a business partner.

They are your frontline brand ambassadors representing your company every time they communicate with your customers.

By bringing your relationship with them to the next level, you can rest assured that your customers are treated with world-class service experience.

Read More »

How to Train Your Newly Hired Customer Service Agents to be More Engaging

newly_hired_customer_service_agents

newly_hired_customer_service_agentsWhether you’re running a product or a service-based business, living up to your customers’ expectations is a must if you want to succeed.

What makes this tricky, however, is the fact that your customers aren’t just looking for a solution to their problems, they’re looking for quick solutions.

They want their problems solved the soonest and would often ask to speak with a skilled agent who can do this for them.

Of course, if your company can’t give them just that, then they won’t hesitate going to your competitors.

This tells the business owners that for them to outdo their competitors, they need to provide exceptional customer service.

How are you going to accomplish that, you might want to ask?

Well, you can start by training your newly hired customer service reps to be more engaging and interactive.

The following are several crucial ideas and tips on how you can help your customer representatives become more engaging, more confident and more effective!

1. Start with the basic induction and let them learn the Product.

Induction is the first step that helps a new employee familiarize with the product and services that you are offering. Make sure you give your newly hired customer service reps a thorough insight of the products that you are offering.

They should understand the product or service as their own. The first part of their training should revolve around products, services and solutions that they can offer.

2. Conduct scenario-based training sessions.

While you train the new reps, throw multiple scenarios at them. This will help in two ways. One, your reps will understand the kind of queries they may face. Two, it will help them think of multiple ways to provide a solution to the customer.

This is a good way to build a line of communication and boost their confidence.

3. Recognize their mistakes and acknowledge their effort.

It is essential to tell your employees where they are going wrong. Guide them with patience and be professional when you criticism them.

Another thing that you must do is to acknowledge the efforts that your employees are making. A small dose of encouragement can make your reps move mountains (not literally). It can certainly help them display more confidence while speaking with a customer.

4. Include quests and challenges in your program.

Challenges evoke productivity and creativity. Therefore, make sure you add quests and challenges to your training program.

Take them through online challenges or ask them to take an impromptu call with a customer. Such challenges can help your new hires learn quickly and perform better.

5. Assign mentors to new hires.

You can hit two birds with one arrow if you practice this. Assigning a mentor to a group of new hires will not just help in their training but also encourage your existing employees to perform better so as to grab the position of a mentor.

If your newly hired customer service rep is motivated to perform during the training session, they will be able to absorb the knowledge efficiently and excel while enrolled on-process.

Conclusion.

A well-trained and enthusiastic customer rep can help your business expand in ways you’d never imagine.

Always devote enough time in training them with new materials and they’ll most likely perform better with how to address your customer’s concerns.

Read More »

5 Tips to Improve Customer Loyalty and Retention

improve customer loyalty

improve customer loyaltyIn today’s ever-competitive business environment, it’s imperative for every business owner to build sound strategies that positively impact customer loyalty and retention.

To do this, special emphasis needs to be placed on great customer service.

Why? For starters, a 2009 survey suggested that the most common reason why customers cancel a service is because of poor customer support.

There’s no surprise there, really.

After all, the customer service agents is a business’s front line when interacting with customers. It’s how a company can establish a relationship with its client base.

Listed below are tips to improve customer loyalty and retention

1. Interact with customers on a personable level

Customer service agents play a crucial role when it comes to “humanizing” a business entity.

This bit is crucial since people highly prefer to deal with people — and not companies or brands.

Customers in general want to feel that they are valued as people first, not just for the business opportunities they provide.

There are many ways your customer service team can pull this off, but perhaps the shorthand of it is to employ effective “soft skills.”

This can mean everything from greeting the customer by name, to showing courtesy at all times during each call, to thanking the customer for calling.

If recent studies on customer interaction are any indication, it is that clients are more likely to stay loyal to your brand if they are treated by customer service personnel in a personable manner.

2. Reduce customer effort

Customers grow frustrated when their issues are not resolved quickly, even more so when the resolution offered requires them to do some of the lifting.

According to a study published in Harvard Business Review, reducing customer effort positively impacts customer loyalty.

Train your employees to resolve issues more efficiently and chances are your customers will be less likely to cancel the service on a whim.

3. Go the extra mile for your customers

Another way to make customers stay with the company is to regularly offer them rewards and incentives.

By rewarding clients, you are showing them your appreciation for their business. More importantly, you are giving them good reasons to continue purchasing your services.

Another important strategy you can adopt is to regularly offer goodwill gestures to customers who have issues with the service.

For instance, you can offer customers a refund to compensate for the inconvenience they experienced on account of, say, a technical issue.

It’s important to note that goodwill gestures have more positive impact to customer loyalty when they are offered even if customers didn’t ask for them.

4. Be proactive

An amazing strategy to boost customer loyalty and diminish churn rates is to be proactive at all times.

What this means is that you have to anticipate the customer’s needs at every available opportunity.

Will the service be undergoing a service maintenance which could cause technical problems for customers? Inform them at least a few days in advance through all available channels.

Being forthcoming with customers in regards to information that concerns them inspires confidence and brand loyalty.

5. Foster customer-centered behavior into company culture

Emphasizing to agents that the main thrust of the company’s strategy is to deliver great customer experience can go a long way into making sure that every hand on deck is on board.

It makes for an easy integration of customer-centric policies and procedures into the company’s operations, resulting to positive results in customer support interactions.

Final Word

Increasing customer loyalty and retention is essential in securing a business’s long-term goals.

We at Executive Boutique know this all too well, which is why we are committed to training our agents to be well-versed in the best practices that have been proven to improve customer experience.

Read More »

Preventing PHI Data Breaches in Contact Centers

PHI data breaches

PHI data breaches

PHI data breaches can cause a lot of problems for both the medical organizations and for the patients to which the protected health information (PHI) belongs to.

PHI holders whose information have been breached can experience severe social damage to his or her career, reputation, family, and even lifestyle.

The impact of PHI data breaches are so severe that it can even lead PHI holders to sue the organization and demand compensation for the damages that occurred.

Because of these repercussions, it is highly important for medical establishments to only work with contact centers that are HIPAA compliant and that practice a high sense of PHI data security.

This blog post will cover two important tips on methods that HIPAA-compliant contact centers can use to prevent data breaches.

Our goal at the end of this post is that you’d be able to identify contact centers that use methods and strategies that are aligned with preventing data breaches.

Employing Risk Assessments

Risk assessments involve utilizing a third-party security expert to conduct a thorough check up on the kind of safety and security level that is used in a contact center’s operating procedures.

These experts then give feedback to the agency on how they could improve their safety standards to prevent becoming a victim of possible data breaches.

Consider some of the following scenarios:

  • Agents leaving their desktop computers open and accessible while taking a break, allowing unauthorized individuals to view and even access the PHI.
  • PHI storage devices not utilizing any encryption software, thereby leaving the data easily accessible in the event of the device either being stolen or lost.
  • Agents discussing confidential PHI details among their peers, colleagues, and other individuals who are not authorized to know these details.

Because lapses such as these can sometimes be overlooked, investing in risk assessments would help pinpoint vulnerable areas in a contact center’s information handling and storage.

These lapses and vulnerabilities can then be corrected by the agency via proper employee training or by using the right cyber-security and encryption tools.

Utilizing Uniform Training

Another way of reducing the likelihood of a data breach is to ensure that all employees go through and pass a uniform training program that focuses on HIPAA compliance.

These employees should be fluent with the HIPAA compliance guidelines and should be kept up-to-date with any changes and updates to the Act’s regulations.

The agency’s management should also regularly remind and emphasize to agents the important operating procedures and policies that they need to maintain as they go about their daily tasks.

Some of these procedures could include the following:

  • Agents ensuring that their screens have to be protected from the view of other unauthorized individuals at all times.
  • Agents storing files in secured locations and utilizing secure emails and phone lines when disseminating sensitive PHI.
  • Agents encrypting files before sending them and utilizing password-locks when taking breaks to ensure that unauthorized individuals could not access their devices.

Emphasizing these guidelines and setting consequences for compliance-failure would lessen the chances of data breaches happening because of any lapses on the agent’s part.

What’s Next?

If you’re looking for a HIPAA-compliant contact center to outsource your patient’s PHI handling, storage, and management needs, allow us to help.

Executive Boutique is a fully-compliant HIPAA call center that is well-versed with patient privacy and never overlooks data security.

For more information, click the contact button on the upper-right part of this page to contact us today.

Also, got any questions, concerns, and feedback?

Comment below. We’ll get back to you as soon as we can.

Read More »

Frequently Asked Questions Business Owners Have on PCI Compliance

PCI Compliance

PCI Compliance

Let me guess: You want to learn more about the Payment Card Industry (PCI), don’t you? However, with all the things that you need cover, you can’t help but feel overwhelmed. As a PCI DSS compliant call center, we’re here to help you with just that — learning about PCI compliance.

We’re going to walk you through some of the basics of the industry, hoping that we’ll be able to address the burning questions that you have about it.

Today, we’re going to do this by answering ten common queries that a lot of first-timers have on PCI compliance.

Without further ado, let’s hop right in.

1. What is the PCI DSS?

PCI DSS stands for the “Payment Card Industry Data Security Standard.” This is a set of security protocols and guidelines designed to make sure that all companies that accept, store, process, or transmit any credit card information would maintain a secure environment.

2. What is the PCI SSC?

PCI SSC stands for the “Payment Card Industry Security Standards Council.” This council is a body launched last September 7, 2006 for the management of the growth and changing dynamics of security standards in the PCI.

The PCI SSC administers and handles the PCI DSS and focuses on enhancing account security through the payment and transaction process. This body was made by leading payment card brands, namely: MasterCard, Visa, Discover, American Express, and JCB.

3. Is the PCI SSC responsible for enforcing compliance?

No. The acquirers and payment brands are responsible for compliance enforcement, not the PCI council.

4. Does the PCI DSS apply to my business?

If your company transmits, stores, or accepts any cardholder data, then the PCI DSS applies to your organization no matter its size or transaction amount.

5. What is a merchant?

A merchant is any entity that accepts any payment card that bears a logo of any of the PCI SSC members for payment of goods or services.

6. What is an acquirer?

An acquirer is an entity that processes transactions for merchants. These entities are usually financial institutions and are explicitly defined by a payment brand as such. Other names that it may carry include “acquiring bank,” “merchant bank,” and “acquiring financial institution.”

7. What is a service provider?

A service provider is any entity

  • That is not a payment card brand; and,
  • That is directly involved in cardholder data storage, processing, or transmission.

8. Can a merchant also be a service provider?

Yes. If your company stores, processes, and transmits cardholder data, and if your organization also accepts payment cards as a payment for services or goods, then your business is both a merchant and a service provider.

9. Are there penalties for non-compliance?

Yes, there are. If non-compliance is spotted, payment brands may fine a bank $5,000 to $100,000 each month for every violation. The bank would usually pass along the fine until it would eventually reach the merchant.

Also, banks may either increase transaction fees or terminate your relationship depending on the violation performed.

10. What happens if my business chooses not to cooperate?

PCI DSS is not a law and just a standard. However, merchants who do not comply with PCI DSS may receive fines at the discretion of service providers and acquirers if a violation was spotted.

Also, any breach events that occur may incur forensic audits and card replacement costs from these acquirers or service providers.

What’s next?

Do you still have more questions about PCI compliance?

Let us know about them in the comments below.

(Note: If you’re looking for a PCI DSS compliant call center to help administer your customer’s sensitive authentication data. Contact us now.)

Read More »

What Every Business Owner Needs to Know About PCI Compliance

PCI Compliance

 

PCI Compliance

Regardless of the type of industry that your business is in, security is one of the crucial things that you shouldn’t neglect. As a PCI DSS compliant call center, we’d like to share this guide with you to help you in keeping your business secure with PCI compliance.

If you’re new to PCI compliance and are wanting to learn about how it works, then this guide is certainly for you.

Let’s hop right in.

What is PCI DSS?

PCI DSS means “Payment Card Industry Data Security Standard.” This was created by the PCI Security Standards Council — a global body comprised of five major card brands located worldwide.

These five companies include:

  • Visa Inc.
  • MasterCard
  • JCB International
  • Discovery Financial Services, and
  • American Express.

This standard aims to reduce credit card fraud by placing safeguards on how sensitive authentication data is stored, processed, and transmitted. Any companies using any one of the five card payment systems are required to comply with the regulations set by the council.

Why is telephone card payment security essential?

Many regulatory bodies require companies to record and store phone conversations in different situations. In line with this, many fraudsters are currently shifting towards the telephone-order medium to steal data due to increased security and risk-mitigation factors in e-commerce environments.

Because of this regulatory compliance to other authorities, organizations who take customer card details over the phone may be exposing the obtained cardholder data to unnecessary risk due to being in contravention of the established PCI DSS requirements.

What are PCI DSS compliant call centers?

In a nutshell, call centers who comply with the PCI DSS standards have to ensure the following requirements:

  • Implement and maintain an appropriate sensitive-authentication-data retention policy;
  • Mask the primary account number of customers whenever it is displayed;
  • Render the customer’s primary account number as unreadable whenever being stored;
  • Encrypt the cardholder data before transmitting it through public networks;
  • Implement proper user authentication for agents, staffs, and administrators;
  • Adhere to a security policy on information;
  • Label, inventory, and render unreadable any media that is used to record information as guided by PCI DSS requirements; and,
  • Implement all PCI DSS requirements.

How do I know if a call center is PCI DSS compliant?

You can identify if call centers who take over-the-phone credit card details are PCI compliant or not.

Ask them to prove how they comply with PCI DSS regulations, and ask them to explain to you how they eliminate any sensitive authentication data from their recordings. This removal of data ought to be automatic and with no manual intervention from the staff.

What’s next?

If you’re looking for a PCI DSS compliant call center to help you with administering your customer’s sensitive authentication data, then contact us now.

Resource

https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf

Read More »

Your Ultimate Guide to HIPAA – Part Two

Guide to HIPAA

Guide to HIPAA

Welcome back to our ultimate guide to HIPAA series. We’re at the second part of our three-part series, where we dissect the ins and outs of the HIPAA guidelines. As a HIPAA compliant call center, we decided to run this three-part series to help you have a better understanding of how HIPAA words.

Let’s get back to where we left off.

On healthcare fraud and abuse prevention, administrative simplification, and medical liability reform

Title II of the HIPAA defines guidelines, policies, and procedures for how the security and privacy of identifiable health information of individuals ought to be maintained. Title II also outlines a number of offenses related to healthcare and sets the criminal and civil penalties for the violations of such offenses.

Though several programs were created under Title II to limit abuse and fraud within the healthcare system, perhaps its most significant provisions are its administrative simplification rules.

The title required the Department of Health and Human Services (HHS) to formulate rules that focus on increasing the current health care system’s efficiency by creating standards for healthcare information use and dissemination.

These rules are applied to what HIPAA and the HHS define as “covered entities.” These entities include health care providers with healthcare data transmission regulated by the HIPAA, health plans, and healthcare clearinghouses (such as community health information systems and billing services).

As required by Title II, five rules were promulgated by the HHS regarding Administrative Simplification, namely:

  • The Security Rule;
  • The Enforcement Rule;
  • The Privacy Rule;
  • The Unique Identifiers Rule; and,
  • The Transactions and Code Sets Rule.

Security rule

The Final Rule on HIPAA’s Security Standards was announced on February 20, 2003, taking effect on April 21, 2003, with its compliance date of up to April 21, 2006.

The Security Rule specifically deals with Electronic Protected Health Information (EPHI). Three types of security safeguards were laid out and required for compliance, namely: administrative, physical, and technical.

The rule has identified various security standards for each type, and it also named both addressable implementation specifications and required specifications for each standard.

Required specifications are those that have to be adopted and administered as how the rule stipulates and dictates. Addressable specifications, on the other hand, are more flexible, as individual covered entities are given the privilege to evaluate their situation with these types of specifications and determine what the best way of implementing these are.

The complete details on the specific standards and specifications of the security rule can be read by clicking on the link in the resource section of this guide.

Enforcement rule

The HHS issued the Final Rule regarding the implementation of HIPAA on February 16, 2006. This rule took effect on March 16, 2006.

The Enforcement Rule has civil money penalties set for violating HIPAA standards and also has procedures for hearings and investigations for HIPAA violations established, as many years have passed with only a limited number of prosecutions for violations.

As of March 2013, there have been over 19,306 cases investigated by the HHS that have been resolved by requiring corrective actions or changes in privacy practice.

There have been many complaints investigated against multiple types of businesses, such as primary healthcare centers, national pharmacy chains, hospital chains, insurance groups, and other small providers.

According to the official website of HHS, the following is a list of issues that have often been reported according to frequency:

  • PHI misuse and disclosure;
  • No protection where health information is located;
  • Patients not being able to access their medical information;
  • Disclosing or using more than the necessary minimum amount of protected health information needed; and,
  • No electronic protected health information safeguards.

Privacy rule

The Privacy Rule’s effective compliance date was April 14, 2003, with a year’s worth of extension for “small plans.”

The Privacy Rule of HIPAA regulates how Protected Health Information (PHI) that are held by covered entities are being used and disclosed. Per HHS regulation, the HIPAA privacy rule is also extended to independent contractors working with covered entities that fit the definition of “business associates.”

PHI is any information that is held by a covered entity that involves healthcare payment, healthcare provision, or health status that possibly can be linked to an individual. This definition of PHI is interpreted quite broadly and also includes any portion of a person’s payment history and medical record.

Within 30 days upon request, covered entities have to disclose PHI to requesting individuals. They are also required to disclose PHI whenever required to do such by law.

However, covered entities are not allowed to disclose PHI without the patient’s written expressed authorization for health care operations, payment, or to facilitate treatment. Any other PHI disclosure requires written consent from the individuals to be obtained by covered entities.

Also, when covered entities disclose any PHI, a reasonable effort has to be made to keep the necessary information disclosed to the bare minimum needed to achieve its purpose.

Unique identifiers rule

HIPAA covered entities are required to use the National Provider Identifier (NPI) to identify health care providers that are covered in standard transactions starting from May 23, 2007 (or May 23, 2008, for small health plans).

All covered entities that use electronic communications, such as health insurance companies, hospitals, physicians, and so forth, have to use a single new NPI starting May 2006 (or May 2007 for small health plans).

Though NPI replaces all other types of identifiers used by Medicaid, Medicare, health plans, and other government programs; the NPI still does not take the place of the tax identification number, state license number, and DEA number of a provider.

The NPI contains ten digits, may be alphanumeric, and has its last digit as a checksum. The NPI is simply an ordinary number that does not provide any additional meaning in itself and does not contain any intelligence embedded within it.

The NPI is never re-used and is unique and national. Except for institutions, a provider usually can have only a maximum of one. Organizations may obtain multiple NPIs if they have different parts or subparts of itself, such as a rehab facility or a freestanding cancer center.

Transactions and code sets rule

With intentions to make the current healthcare system in the United States much more efficient by having healthcare operations standardized, HIPAA added to Title XI of the Social Security Act a new Part C that is titled “Administrative Simplification.”

This added part aims to simplify healthcare transactions by necessitating health plans to engage in all healthcare transactions in a format that is standardized.

Health plans that are covered by HIPAA are now required to use standardized electronic transactions. A number of electronic data interchange transactions are currently being used for HIPAA compliance. More about this can be read about by clicking the link in the resource section below.

HIPAA violations

HHS received about 91,000 complaints between April 2003 and January 2013 for HIPAA violations. 22,000 of these led to various kinds of enforcement actions, while 521 resulted in criminal action referrals to the Department of Justice.

There are two types of penalties that can be incurred: civil penalties and criminal penalties. The most prominent difference between the two is that civil penalties do not include imprisonment while criminal penalties do.

For a clear comparison of the differences of civil and criminal penalties, the following are some examples of violations that may incur civil penalties:

  • Individuals not knowing that they violated the HIPAA even after exercising reasonable diligence;
  • HIPAA violation that is due to reasonable cause but not due to willful neglect;
  • HIPAA violation that is due to willful neglect, but the violation was corrected within the specified or required time; and,
  • HIPAA violation that is due to willful neglect and was not corrected.

While the following are examples of violations that may incur criminal penalties:

  • Specified individuals and covered entities who “knowingly” disclosed or obtained individually identifiable PHI in an unauthorized manner;
  • Offenses that were committed under false pretenses; and,
  • Offenses that were committed with intent to transfer, sell, or use individually identifiable PHI for personal gain, commercial advantage, or malicious harm.

Part three of your ultimate HIPAA guide soon

While we tried our best to add the most crucial parts of the second title of HIPAA, the guide we shared is by no means complete.

If you still would like to read more on the contents of Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform of the Health Insurance Portability and Accountability Act of 1996, do check out the resource section of this guide, and click on the link below.

Stick around for Part Three of Your Ultimate Guide to HIPAA.

(Note: If you are looking for a HIPAA compliant call center to assist you with administering your customer’s sensitive medical records. Contact us now.)

Resource

https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf

Read More »

Your Ultimate Guide to HIPAA – Part One

HIPAA

HIPAA

Let me guess: You want your patients’ medical records handled with utmost care and security, don’t you? That is why you’re looking for a HIPAA compliant call center to partner with, so you can be confident that the way your customers’ medical records are handled is in accordance with the HIPAA guidelines. Of course, we can help you with just that since we are a HIPAA compliant call center.

However, in addition to supporting you through our services, we’d also like to bolster your current understanding of the act by educating you with the ins and outs of HIPAA.

We’re going to run a full-blown series talking about the guidelines and workings of HIPAA. At the end of the series, we hope that you’ll have a better understanding of how HIPAA works, so that you can stay compliant and avoid the hefty fees that comes with violating their rules.

Let’s hop right in.

HIPAA in a nutshell

If you didn’t already know, HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of 1996.

It is an act that was enacted by the U.S. Congress on August 21, 1996, and was also signed by President Bill Clinton in the same year. It’s also known as the 191st Public Law of the 104th U.S. Congress.

Other names that it goes by is the Kassebaum–Kennedy Act or the Kennedy–Kassebaum Act, which is named after two of its main leading sponsors.

It’s official long title is: “An act to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

The long title above mentions multiple actions that HIPAA covers. Parallel to the aforementioned enumerated processes that the act aims to accomplish, HIPAA is seen to be divided into a total of five different “titles” or parts in its table of contents, namely:

  • Title I: Health care access, portability, and renewability
  • Title II: Preventing health care fraud and abuse; administrative simplification; medical liability reform
  • Title III: Tax-related health provisions
  • Title IV: Application and enforcement of group health plan requirements, and
  • Title V: Revenue offsets

Let’s start this series by tackling the contents of each of these titles bit-by-bit. We are going to dive into each of these titles, and take a closer look at what each title is all about.

Up first is the healthcare title.

On health care access, portability, and renewability

The first title of HIPAA contains how the breadth and availability of some individual health insurance policies and group health plans are now regulated.

It amended acts such as the Public Health Service Act, the Employee Retirement Income Security Act, and the Internal Revenue Code.

Group health plan coverage and limitation

The first title requires that group health plans would cover individuals that have preexisting conditions. This title also limits the restrictions that a group health plan could place on the benefits for preexisting conditions.

The way it works is that group health plans could choose to refuse to provide benefits that are related to preexisting conditions for a term of 12 months after being enrolled in the plan or a period of 18 months in cases of late enrollment.

Title I also allows individuals to have the exclusion period of their group health-plan reduced depending on the amount of time of “creditable coverage” that they had right before enrolling in the plan. It also allows individuals this exclusion period reduction after “significant breaks” in coverage.

For a quick definition of these terms:

  • “Creditable coverage” has a broad definition, but includes almost all individual and group health plans, Medicaid, and Medicare.
  • “Significant breaks” in coverage is operationally defined as any 63-day time without any creditable coverage.

Title I comes with an exception though that allows employers to tie premiums and copayments to body mass index and tobacco use.

Another thing that the title requires is that policies ought to be issued without exception to individuals that are leaving group health plans with a creditable coverage that exceeds over 18 months.

This title also requires insurers to renew individuals regardless of health condition and without exclusion so long as these policies are being offered, or to provide alternatives instead to the plans that are discontinued so long as the insurer would stay in the market.

Exemptions on Title I requirements

Some health care plans are exempted from the Title I requirements as mentioned above.

Some of those that are exempted include long-term health plans and other plans that are limited in terms of scope, such as vision and dental plans that are often offered separately from general health plans.

However, if the general health plan includes the benefits mentioned above, then the HIPAA still applies to those kinds of benefits.

For example, if dental benefits are included in the new plan offer, then it has to count the creditable continuous coverage that is under the old health plan in determining any of the plan’s exclusion periods for dental benefits.

Alternate methods of calculating creditable coverage

Available as well to the health plans that are under Title I is an alternative method of calculating creditable continuous coverage.

There are categories of health coverage that can be considered separately, and these benefits, if offered separately, are not subjected to HIPAA requirements, such as:

  • Limited scope vision and dental benefits;
  • Nursing home care benefits;
  • Long-term care benefits;
  • Community-based care benefits;
  • Home health care benefits;
  • Any combination of the previous four benefits mentioned above, and;
  • Other similar limited benefits that are specified in regulations.

Anything that is not under the categories mentioned above has to use the general calculation.

A practical example for this would be to have the beneficiary counted with 18 months of the general coverage but only for six months of dental coverage because of how the beneficiary did not get a general health plan that was able to cover the dental plan up until six months before the application date.

Other features and concerns of Title I

There’s this odd case that exists in which applicants who enter into general group health plans cannot obtain certificates of continuous creditable coverage for independent limited-scope plans, so that they could use these certificates to apply towards the exclusion periods of the plan because of how the limited-coverage plans are exempted from HIPAA requirements.

Also, Title I does not allow the validity of hidden exclusion periods.

Clauses, such as “To be covered, the accident must have occurred while the stated beneficiary was covered under the same health-based insurance contract,” ought not to be acted upon and imposed by the health plan, and has to be re-written as to comply with HIPAA standards.

There is even more guidelines and details mentioned in Title I: Health Care Access, Portability, and Renewability of the Health Insurance Portability and Accountability Act of 1996.

However, despite all that we’ve tackled so far, we are still just scratching the surface as compared to all the contents that the first title of the act has to offer.

If you would like to read more on the contents of Title One, or if you would like to read more about the whole HIPAA itself, you could find the link to its official publication on the Government Publication Office website down in the Resource section below.

More about HIPAA soon

We are going to end the Part One of our series here. I hope that you’ve found value in what you’ve read so far.

For a teaser on the upcoming article, we are going to be continuing our extensive yet easy-to-read discussion on what HIPAA is all about and on why call centers have to be HIPAA compliant.

In the next article, we will be continuing with the next title in the list of titles under HIPAA, Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform.

We will be explaining what this second title of the act is all about, and we would also be going over significant topics under the title that are highly relevant towards getting closer to explaining why you need a HIPAA compliant call center.

A brief look into some of the topics under Title II that could be read in the upcoming article would include contents of the enforcement rule, the unique identifiers rule, the security rule, the transactions and code sets rule, and the privacy rule.

These are just some of the insights that you would be getting regarding the HIPAA in the next article.

So, stay tuned for Part Two of our Ultimate Guide to HIPAA.

(Note: If you’re looking for a HIPAA compliant call center to help you with administering your customer’s sensitive medical records. Contact us now.)

Resource

https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf

Read More »