HIPAA Compliance is a Good Thing
Yes, you read that correctly. While it can be a pain in the [insert body part here] to become HIPAA compliant, there are benefits to HIPAA.
Most of you know what HIPAA is, but let’s just review:
The HIPAA Security Rule governs any situation in healthcare where electronic patient protected health information (ePHI) occurs, regardless of whether it’s contained in, or transmitted through, an electronic health record (eHR). HIPAA states that any organization must protect ePHI from accidental, unauthorized, or intentional theft, loss, or destruction by sources or individuals either inside or outside the organization. If you have ePHI in any form, you are subject to the HIPAA Security Rule. Failure to address and comply with the HIPAA Security Rule can subject your practice to severe fines and sanctions.
So how can HIPAA be a good thing? By its very definition the HIPAA Security Rule indeed represents good business practices that any business, whether in healthcare or not, should adopt. Beneficial principles concerning role-based security, data backup, using strong usernames and passwords, and software patch management are just a few “good things” to come out of HIPAA.
Let’s Get the Facts Straight
Now that we’ve established that HIPAA compliance is probably worthwhile, what does secure text messaging have to do with this?
Sadly, some think that you can’t be HIPAA compliant if you want to use the latest communication technologies, including texting (even though texting is actually over 20 years old, but hey, who’s counting…)! While some healthcare providers have moved on from pagers, most haven’t.
The fact is that texting can only improve communication between physicians, hospitals, and other healthcare-related businesses. It’s efficient, allows information to be transmitted asynchronously, and simplifies the traditional, laborious pager and callback workflow that hospitals and other organizations have used for years. In fact, a study conducted by the Robert Wood Johnson Foundation found that nurses waste as much as 60 minutes of each work day tracking down physicians for a response. Imagine the cumulative waste of time and added labor costs these delays have caused across our entire healthcare system.
Unfortunately, traditional text messaging is inherently nonsecure and noncompliant with HIPAA. Messages containing ePHI can be read by anyone, forwarded to anyone, remain unencrypted on telecommunication providers’ servers, and stay forever on senders’ and receivers’ phones. In addition, senders cannot authenticate the recipient of SMS messages. Studies have shown that 38 percent of people who text have sent a text message to the wrong person.
As a result, The Joint Commission has effectively banned physicians from using traditional SMS for any communication that contains ePHI data or includes an order for a patient to a hospital or other healthcare setting. A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can lead to $1.5 million in fines in a single year, not to mention the reputational damage done to an organization and its ability to attract patients. (Yikes!)
HIPAA Compliant Texting!
A HIPAA compliant texting solution has (1) secure data centers: the company providing the texting solution stores its data in a secure data hosting facility; (2) encryption: information, including ePHI, is encrypted from end to end; (3) delivery confirmation: senders and recipients know when messages have been sent and delivered; and (4) audit controls: the texting solution can create and record a trail of all messages containing ePHI.
When implementing a secure texting solution, doctors, nurses and staff can enjoy the following benefits:
- Shorten response times
- Improve the accuracy of decision making by having better information
- Allow multiple parties involved with clinical decision making to be looped in on the same message
- Allow for quicker interventions and improve patient outcomes
- Securely communicate lab results, imaging results, patient procedures, and medical histories, allowing the physician to have more information readily available
- Speed up on-call notifications
- Eliminate the hassle of callbacks
- Integrate with scheduling systems to create automatic notifications of pending events
There you have it! Embracing and adapting new technologies does not have to come at the expense of HIPAA compliance.