One of the primary items in making your call center SOC 2 compliant is the integration between your patient relationship management software and your existing systems (EMR, EPM, etc.).
You need to follow a SOC 2 compliance checklist that guides you through these processes and includes technical measures such as firewalls and malware protection.
You need to be able to demonstrate SOC 2 compliance in the following ways:
- Security protocols governing how patient data is handled and how access to patient data is tracked, including who accessed it and the time of access.
- Documented training of employees, so that every customer service representative, supervisor, and MIS staff member involved knows the security risks, procedures, and protocols.
- Proof of compliance through extensive real-time and historical auditing of adherence to those procedures and processes.
HIPAA compliance is not far removed from SOC 2 compliance, in the sense that access to ePHI, its transmittal, and the mode of transmittal must all be managed, monitored, audited, and reported on. There are some excellent guidelines for enabling HIPAA compliance in your call center (e.g. read here).