I know a lot of doctors, dentists, and therapists who hire VAs or Online Filipino Specialists.
People always ask:

What about HIPAA?

Here are answers.
This is long on purpose. I wanted to include specific examples and specific wording to give you ideas and real world uses.

How does a VA in a medical practice work?

Here are some of the most popular ways doctors, dentists, nurse practitioners, chiropractors, therapists, and even veterinarians have used an OFS or VAs for their practice:
https://www.onlinejobs.ph/lp/medical-dental-veterinary

The 4 videos at the end of the page highlight specific jobs people are doing and what they do to comply with HIPAA.

Example 1
Here’s an extract from an email from a Canadian physician. He shared how he lets his patients know how an OFS has helped keep his practice running even during the pandemic.

Proactively letting patients know who your assistant is and that they work overseas is important. For medical practices in small communities, this is far more secure than someone in person who likely knows a friend of a friend.

“In order to serve my patients better, we have hired staff who work remotely since the Covid Pandemic.  This allows calls to be received and monitored after hours and allows for quicker turnaround of transcriptions and requisitions because the effective working day is extended.  The confidentiality of your information is of course of primary concern.  Please rest assured that we take every precaution to maintain digital security of your clinical records.  If you have any questions or concerns please do not hesitate to discuss them with our staff.”

He mentions that it’s rare for his patients to raise additional concerns about remote workers having access to their medical records. He has a response for all of them, which, I think, makes a lot of sense.

1.  Having staff in the Philippines means that there is no incentive to gossip about test results of someone who is known.  My staff don’t live in the community.  They have nobody to gossip with and no incentive to do so.  (Compared to local staff who might know the patients directly or indirectly who might intentionally or inadvertently say something they shouldn’t.)
2.  The staff that work overseas have no idea who you are.   Which is a good thing.  They can focus on the issue for which you were referred.
3.  I do Orthopedic surgery.  Your broken wrist specifics are not the same as an STD clinic visit.  So it might not be possible to generalize.
4.  The lab and imaging results are stored off site on a server anyway.  Those servers are halfway across the country.  The digital connections are equally secure either way.  Probably less secure when I access data on my phone than when my staff in the Philippines access data.  VPN.  SSL.  (Honestly I don’t know what these terms mean)
5.  My staff are professionals who observe confidentiality requirements that are generally expected for staff in the medical field.  They are not going to breach confidentiality inappropriately and risk a job that pays much better than the average local wage for their profession.

When I say the standard response includes… I mean that I have had 5 conversations about overseas staff in total.  Ever.  (Above are the 5 issues I recall)
I first hired remote staff in March 2020 at the start of covid pandemic.  Patients loved that calls to the office still got answered.  Telling them proactively that the calls were being handled remotely (and overseas) pre-empted any serious discussion.

1 conversation a year is fine by me.

Example 2
Here’s more from Paula’s medical practice:

I’ve hired an in-house front desk, biller, surgical scheduler, and executive assistant for my medical practice. I’m working on hiring more. I’m exceedingly grateful for the outstanding and dedicated talent I’ve been able to hire, and for all the cultural insight you’ve shared which has made success possible. My VAs have all expressed how grateful they are for their jobs.

My OFS is amazing and my patients comment on how wonderful he is (which is rare for a medical practice). My patients have told me things such as, “I’m surprised nobody steals him,” referring to my VA, because he’s wonderful. A 70-year-old cataract patient started tearing up in my chair when recalling how sincerely kind and helpful that “nice young man” on the phone was with her. She was touched that there are “good young people in this world.”

I depend so much on my OFS. I’d be lost without them and my business might cease to function. The OFS I described has an incredible IQ and an amazing conscience to match it, and his attention to detail, work ethic, and outstanding English are unparalleled. My other OFS are great too.

How do you protect patient information when working with an OFS?

1. Have your VA sign an NDA. Super simple. Contracts (like NDAs) carry heavy weight in the Philippines.

2. Start training your VA on HIPAA as soon as you hire them. Filipinos are very good at following rules, especially when there’s formal training towards it.

3. The Philippines has its own equivalent to HIPAA, the Data Privacy Act of 2012. It’s even stricter than HIPAA because it covers personal information handled by any business, not just medical or patient information. If found guilty, the person could face jail time and a fine of up to four million pesos. They’re not going to risk their jobs, go to jail, or go bankrupt just to have access to information.

They don’t want to steal your info. There isn’t a magic black market Filipinos know about that you don’t. Across hundreds of thousands of employers hiring, I’ve never seen a VA take info to sell on the black market.

How do I make sure that my OFS is HIPAA compliant?

If you want to hire someone who’s already trained on HIPAA, you can go to Onlinejobs.ph and type “HIPAA certified” in the search (include the quotation marks). It will show you a list of HIPAA-certified workers ready to hire.

HIPAA-certified workers have undergone full training and taken the test. They know what software, tools, and equipment are HIPAA compliant. They understand HIPAA’s importance and know how to protect patient information.

If you want to be doubly sure, ask them when they got certified. Most certificates are only valid for a couple of years, so they need to stay updated with their HIPAA training to keep that certification.

How to improve HIPAA compliance?

You can give your OFS paid HIPAA training, no different than what you’d do locally. That’s what Lauren did with her OFS.

Hi John, I adore my VA. She’s handled my calendar, my billing, and my EHR organization including managing diagnostic codes for me for over a year.

I did a brief Loom video discussing why confidentiality is important and sharing some simple tips on protecting who sees her screen, not including client info in screen recordings she does for me, etc.

I also had her do a HIPAA training which issues her a certificate for $50ish that she could add to her resume and paid her for the hours to complete it right up front. In Slack, we use first name last initial only.

It’s easy to comply with HIPAA and have a VA! And my VA is magic for my practice giving me back 5-10 hours per week of space. 

How to keep data local so it doesn’t go to the Philippines?

I always want to ask “How is hiring a VA different than having a local remote worker?”

The one response is that the data goes across borders.

Ok, fair.
Here’s how to change that.

In your office, set up a separate computer just for your VA. Set up VNC, TeamViewer, or any other remote desktop management tool.
You can face the monitor towards a wall so nobody can see it.

Then have your VA log in remotely and work from that computer. The info never leaves your office.

Conclusion

I’ve seen thousands of medical practices hire VAs. You can too.

John
