The following is a guest blog post by Erik Kangas, Founder of LuxSci.
Thanks to technological breakthroughs, communication in healthcare has evolved by leaps and bounds from the old days of paper filing systems, faxes, and phone calls. Although those methods are still widely used, there are faster ways to keep patients in touch with their medical practitioners, doctors, and nurses. Yet with a multitude of benefits come new risks: data breaches, unencrypted messages, and willful neglect that could bring about serious penalties from HIPAA. In order to fully take advantage of all that technology has to offer, the healthcare industry needs to know proper usage policies and to enforce adherence to HIPAA regulations. We might not be in the age of pagers anymore, but that just means practitioners need to take more precautions as they embrace the newly evolving world of healthcare communication.
Let’s take a look at how these methods of communication have changed over the years and what it all means for the security of ePHI.
Anyone involved in the healthcare sector has surely encountered a pager at some point in time. Healthcare is one of the last industries to use this aging technology, but messaging systems that are easier and faster to respond to are slowly replacing them. With so many smartphones and devices that can instantly let you know whether there’s an emergency, there’s less reason to carry around a separate bulky pager.
An article at HealthITSecurity has this to say about pagers: “Communicating internally via pagers could still have some benefits, but there are now secure messaging capabilities that can assist with routine health issues, address patient questions or concerns, help monitor patient conditions, while also ensuring that patients can properly manage their own conditions.” In other words, with technology that’s so much quicker and more efficient, it might be worth finally letting go of the beeper in your pocket and switching to something that can do everything a pager can and more.
Pagers may not be as efficient as current tech, but certain organizations still believe they serve a purpose, especially for critical messaging.
Email has become increasingly important in healthcare, widening the scope of everyone’s efforts toward protecting patient privacy. As explained in this whitepaper about HIPAA and email, this security applies not only to personal information, but to all Protected Health Information (PHI), including a patient’s administrative, financial, and clinical information. Any health information related to an identifiable individual that is transmitted or maintained via email, or another medium, falls under HIPAA’s definition of PHI. That’s a huge amount of information that needs safeguarding if you want to continue using email to transmit healthcare data.
Ensuring that data remains encrypted on laptops, desktop computers, and all other devices is key to staying HIPAA compliant. While encryption can be costly to implement, it’s worth it to keep patients’ PHI (and other data) secure – and without it, an organization risks paying monumentally more in fines, in the case of a data security breach.
Given that data breaches frequently and increasingly occur in the healthcare sector, organizations need to ensure the continued safety of their patients’ data for both financial and personal reasons.
It’s also a wise idea to sign up with a security company that can handle the HIPAA compliance of your inbound and outbound emails, as well as the security of your network as a whole. However, it’s still up to you to train your staff, review your HIPAA security policies, and keep a copy of the HIPAA Business Associate Agreement that you signed with the security company.
Texting is pervasive as a method of healthcare communication, including using text messages to confirm appointments or deliver lab results to anxious patients. There are also plenty of texts exchanged between doctors and nurses in hospital environments, with many messages containing some form of patient information. All these transmissions fall under HIPAA regulations, and it’s very easy to unintentionally text patient data that could be intercepted, sent unencrypted, or stored in an external location like the cloud.
Sending health information via text is a clear HIPAA violation – even with seemingly harmless messages, like appointment reminders. The only case in which texting health information may not violate HIPAA is when the text is sent to a patient who has preemptively signed the proper consent form. Without patient consent and proper documentation, an organization can be fined up to $50,000 per text message, if the messages are found to be in violation of HIPAA’s rules. That’s a massive penalty for any organization.
As with email, it’s important to make sure that you encrypt and decrypt text messages properly, whether through common carriers, specialized apps for decryption, or customized programs that allow users to send and receive HIPAA-compliant messages without the worry of breaking regulation. You can send text messages securely, but it requires training and a financial cost to ensure the information stays safe and only the intended recipient reads it.
The Future of Compliant Messaging
“It’s not enough to decide it’s time to ‘jump on the bandwagon’ of secure messaging,” says HealthITSecurity. “Healthcare organizations need to realize that this communication is part of an evolutionary process, and it’s necessary to implement a system that can easily integrate with the facilities’ current capabilities.” Organizations need to recognize they can’t do compliance in various messaging systems piecemeal or from one staff member to another; they need to make it a blanket effort that ensures everyone is on board. And while it may create a more convenient system, the legal ramifications of any slipups can more than outweigh the cost of encryption programs or specialized apps.
As long as there are security protocols in place, we’ll continue to see a growing role for secure messaging technology in healthcare.
Communication in healthcare has always been about making services easier and more convenient for medical staff and patients alike. With the constantly evolving nature of technology, more organizations can expand their services and share information faster than ever before. As long as HIPAA regulations and cybersecurity are in place, the healthcare sector ought to continually evaluate what new high-tech solutions work for them, and what old traditions could still have a place.