HIPAA COMPLIANCE FOR CALL CENTERS - BRIGHT PATTERN CUSTOMER SECURITY

What is HIPAA? 

HIPAA, or the Health Insurance Portability and Accountability Act, is a United States federal law that was passed in 1996. HIPAA defines requirements for the appropriate use and safeguarding of protected health information (PHI). The provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act includes updates to the HIPAA regulations that further strengthen the privacy and security of health information. 

HIPAA regulates health insurance coverage in the United States through Title I and health information privacy and security through Title II. Furthermore, within Title II, the Privacy Rule regulates the use and disclosure of protected health information, and the Security Rule lays out the safeguards required for HIPAA compliance. 

 

HIPAA COMPLIANCE FOR THE CALL CENTER

HIPAA privacy and security rules apply not only to covered entities but also to their business associates. Business associates are defined as organizations that perform functions or activities on behalf of, or provide certain services to, covered entities that involve access to PHI. This means contact center software must be HIPAA compliant in order to be used by health insurance companies and hospitals in their call centers. 

Bright Pattern provides features that enable call centers using its software to be HIPAA/HITECH-compliant.

 

INFRASTRUCTURE FOR HIPAA COMPLIANCE

Bright Pattern’s infrastructure supports HIPAA compliance through these features:

• Multi-tier and multi-zone operation for HIPAA/HITECH-compliant enterprise and multi-tenant deployments 
• Separation of system and tenant-level functions — Tenants have access only to their own resources 
• Independent firewalling of system-level functions 
• Per-tenant data encryption keys
• Data encryption keys are protected by separately-stored encryption keys 
• Data encryption keys can be changed at any time 

 

ACCESS CONTROL FOR A HIPAA COMPLIANT CALL CENTER

Bright Pattern’s omnichannel contact center software offers comprehensive access control functions that offer role-based access control and comprehensive password protection. Our features include: 

• Password-protect user accounts 
• Password complexity rules enforceable at service provider level 
• Password encryption and masking
• Account lock-out with a configurable number of unsuccessful login attempts 
• Account deactivation without loss of configuration or historical data 
• Forced log-out of inactive user sessions 
• Role-based access control system
• Dedicated privileges for access to sensitive client data 

 

STORAGE AND TRANSMISSION OF SENSITIVE DATA IN A HIPAA COMPLIANT CALL CENTER

Bright Pattern implements comprehensive data encryption and data-protection protocols to ensure customer privacy in the call center. Here are some of the features Bright Pattern offers for safeguarding sensitive data: 

• Encryption of all data elements that are considered protected health information 
• Encryption of all forms of interactions, including voice recordings, screen recordings, email content, chat transcripts, etc.
• Options to disable logging of sensitive data in production mode 
• Use of secure protocols for external interfaces (SSL/TLS, HTTPS, SFTP)
• Rendering PHI unreadable in logs 

 

AUDIT TRAIL

Audit logs are regularly kept and updated by Bright Pattern contact center software. Audit logs contain information about all login sessions. Here are the features of our comprehensive audit log system: 

• System-level and tenant-level audit logs 
• Information about all login sessions (including unsuccessful login attempts)
• Logging of all admin-level operations 
• Complete audit records (timestamp, user, operation type, and affected resource)
• Dedicated privilege for access to audit trail
• Configurable audit trail storage times 

 

BRIGHT PATTERN — SECURE, OMNICHANNEL, HIPAA COMPLIANT CALL CENTER SOFTWARE

Ensure your client’s sensitive data is protected and encrypted during any interaction on any channel in your call center. In the healthcare industry, sensitive information is constantly being sent between clients and insurance companies, or clients and health care providers through call centers. With Bright Pattern contact center software, sensitive information is protected and encrypted while providing a seamless customer experience for every interaction on any channel. 

The Bright Pattern omnichannel contact center solution provides seamless communication with clients on any channel (e.g., voice, IVR, SMS, chat, messaging, video, etc.). Bright Pattern’s omnichannel capabilities means clients can switch effortlessly between all of these channels while agents maintain context and relevant information across all channels. Bright Pattern also integrates with any major CRMs, including Microsoft Dynamics 365, Salesforce, Oracle, ServiceNow, and Zendesk. All of this, while maintaining HIPAA compliance through comprehensive security features.