Don’t Breach HIPAA While Messaging & Texting Patients
Secure messaging, video conferencing and social media are all useful communication tools for physicians in light of the accelerating digitization of the healthcare industry. Social media outlets, in particular, are a seductive alternative to traditional communication channels, such as email and telephone, as they allow users to be connected at a moment’s notice.
Using services such as these can allow practices to strengthen the physician-patient relationship and can even lead to improved medication adherence and better treatment outcomes. In fact, according to a study conducted at an Australian university, people tend to value video feedback over written comments. For physicians, this means that sending patients home with video instructions for taking medications and following a care plan could have a higher payoff than traditional handouts.
Of course, the challenge is ensuring that the communication methods used meet HIPAA standards.
Social media data breaches, such as last year’s Snapchat leaks (although the photos and videos vanish after a chosen number of seconds, it turns out the company does store them), are rampant, and incidentally, tend to not be HIPAA compliant. Skype is also not HIPAA compliant and should not be used to communicate with patients.
For video conferencing and secure messaging, two companies that can be trusted with HIPAA compliance include Bridge Patient Portal and VSee, NASA’s official video-conferencing platform on the International Space Station. Both companies adhere to important HIPAA requirements including:
- All audio/video communication is securely encrypted and transmitted from point-to-point such that even the company does not have access to any identifiable health information that may be communicated.
- As required under the Business Associate Agreement, the company agrees to be responsible for keeping all patient information secure and to immediately report any breach of personal health information.
Protecting Your Medical Practice From Potential HIPAA Liability
The following seven recommendations can help you ensure HIPAA compliance:
- Request audit, breach notification and other information from the software companies that you choose to work with.
- Have patients sign HIPAA authorization and separate informed consent as part of intake procedures when using web-based platforms.
- Develop specific procedures regarding use of video conferencing and messaging platforms (interrupted transmissions, backups, etc.).
- Train workforce on the use of these platforms.
- Exclude the use of these platforms for vulnerable populations (i.e., severely mentally ill, minors, those with protected conditions such as HIV).
- Limit to certain clinical uses (i.e., only intake or follow up).
- Use secure platforms with audit trail, breach notification and other capabilities.
If you take away one thing away today, remember to evaluate platforms by their approaches to encryption, the Business Associate Agreement, and audits and breaches.
This article was originally published on the Medical Web Experts blog.