About Kirsty Watson

Community Manager at Bridge Patient Portal. Marrying her passion for healthcare with her experience in digital marketing.

Here are my most recent posts

Author Archives: Kirsty Watson

Is WhatsApp® a HIPAA compliant telemedicine software?

In order for a communications platform to be considered HIPAA compliant, it must fulfill the following requirements:

  • Employ end-to-end encryption
  • Implement access control
  • Enable audit controls 
  • Sign a business associate agreement (BAA)

WhatsApp® provides end-to-end encryption, but that does not mean that it is HIPAA compliant. There are other facets of HIPAA that must be satisfied before the software can be deemed compliant.

  1. Since WhatsApp® does not require users to enter a password for every session, it does not provide the required access controls.
  2. Because messages and attachments are easily deleted from WhatsApp®, audits cannot be conducted, which is necessary for HIPAA compliance.
  3. WhatsApp® lacks the controls to make sure all communications that contain ePHI (electronic protected health information) are completely deleted remotely once an employee leaves the employment of a Covered Entity.
  4. WhatsApp® has not agreed to sign a BAA with a covered entity.

HIPAA compliant telemedicine software

WhatsApp® is NOT a HIPAA compliant telemedicine software and should not be used to share ePHI or deliver online healthcare since doing so would violate HIPAA regulations. Healthcare professionals may use WhatsApp® for general communication or for providing de-identified PHI.

If healthcare professionals would like to leverage a HIPAA compliant video communication tool, some companies have already stated that they will enter into a HIPAA business associate agreement and follow HIPAA compliance regulations. The Office for Civil Rights (OCR) has provided a list of HIPAA compliant telemedicine software:

  • Skype for Business™
  • Updox®
  • VSee™
  • Doxy.me®
  • Google Hangouts™
  • Zoom for Healthcare®
  • Cisco® Webex Meetings / Webex Teams
  • Amazon Chime™
  • GoToMeeting™
  • Spruce Health Care Messenger™
  • Bridge Video Visits, powered by Zoom for Healthcare®

Bridge Patient Portal provides an all-in-one patient engagement software that is highly customizable, meeting some of the most complex needs of high volume, multi-specialty healthcare organizations including HIPAA compliant messaging.

DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated, endorsed, or sponsored in any way to the service providers mentioned in this article.

Bridge’s Guide To The FCC Telehealth Fund

What is the FCC Telehealth Fund?

Federal Communications Commission (FCC) COVID-19 Telehealth Program authorized by the CARES Act will provide $200 million in funding to support healthcare providers in offering telehealth services to patients during the coronavirus pandemic. The COVID-19 Telehealth Program aims to fully fund telecommunications services for eligible healthcare providers. Funds can be used to purchase devices and software needed to provide vital telehealth services in response to the COVID-19 pandemic. This support will continue until the program’s funds have been depleted or the COVID-19 pandemic has ended.

Who qualifies for the FCC Telehealth Fund?

The COVID-19 Telehealth Program is open to healthcare providers/organizations that treat patients within the USA. The FCC Telehealth Program is limited to nonprofit and public healthcare providers, including:

  1. Post-secondary educational institutions offering healthcare instruction, teaching hospitals, and medical schools
  2. Community healthcare centers or healthcare centers providing healthcare to migrants
  3. Local health departments or agencies
  4. Community mental health centers
  5. Not-for-profit hospitals
  6. Rural health clinics
  7. Skilled nursing facilities
  8. Associations of healthcare providers consisting of one or more entities falling into the first seven categories  

The goal is to allocate funding to providers that serve areas which have been the most affected by COVID-19, and where support will be the most impactful on addressing the current healthcare challenge. 

Participants are chosen based on responses to the following criteria: 

  • Conditions to be treated
  • Goals and objectives to be achieved with the funding
  • Timeline for the deployment of the proposed service(s) or devices
  • Metrics that the applicant will use to help measure the impact of the funded services and devices
  • Geographic area and population served by the applicant
  • Whether funding will help high-risk and vulnerable patients

What products qualify for the FCC Telehealth Program?

The FCC Telehealth Program will support eligible healthcare providers to purchase telecommunications, information services, and connected devices required to provide telehealth services at this time.  

Eligible services and connected devices for funding include: 

  • Telecommunications and broadband connectivity services for healthcare providers or their patients.
  • Information services and online connected platforms for remote patient monitoring, patient-reported outcomes, the transfer of patient images and data, and video consultation. 
  • Connected devices/equipment such as tablets, smartphones, or other devices to receive care at home (e.g., broadband-enabled blood pressure monitors, pulse monitors, oxygen monitors), or telemedicine kiosks/carts for healthcare providers.

Vendors of eligible services and devices are not eligible to apply for funding. The program is also not intended to fund the development of new websites, systems, or platforms.  

How to acquire funding?

  1. Obtain an FCC Registration Number (FRN) from the Commission Registration System (CORES), as well as a CORES username and password. 
  2. Obtain an eligibility determination from the Universal Service Administrative Company (USAC) by filing FCC Form 460 through My Portal on USAC’s webpage. 
  3. Register with the federal System for Award Management (SAM)
  4. Submit an application 
  5. The FCC will review your request and may ask for additional information; from there, they will issue a funding decision.
  6. After purchasing services and/or devices, healthcare providers that receive funding through the program will submit invoicing forms and supporting documentation monthly to the Commission.
  7. After the reimbursement request is approved, payment will be issued electronically to the healthcare provider.

Contact us to discover how the Bridge Patient Portal can solve your remote patient monitoring and/or patient-reported outcomes needs.

The Rise Of Telehealth Software During COVID-19

Due to the outbreak of coronavirus disease (COVID-19) that was first reported in Wuhan, China, on December 31st, 2019, the public is turning to telehealth to prevent further spread of the virus. Telehealth is the use of electronic information and telecommunications technologies to support and promote long-distance clinical health care. Telehealth software allows healthcare providers to conduct consultations with patients while both parties maintain a safe distance, preventing the spread of the virus.

Payers & Telehealth

Before the COVID-19 crisis, some private health insurance providers covered telehealth consultations, though this significantly varied by the payer and across states. If telehealth consultations were covered, they were usually at a lower reimbursement rate.

Medicare would cover telehealth if the patient lived in a “health professional shortage area” that is outside a metropolitan area. Medicare also required that patients go to a designated healthcare facility to initiate a video visit. After the initial e-visit, the patient and their local provider could connect using telehealth technology. Video visits from home, or anywhere that was not within a designated “originating site,” were not covered under Medicare.

Medicaid’s telehealth coverage was based on state laws, as the federal Medicaid statute does not recognize telehealth as a distinct service. Telehealth was viewed as a cost-effective alternative to the more traditional face-to-face way of providing medical care. Fifty states and Washington, DC, provided reimbursement for some form of live video in Medicaid fee-for-service.

Families First Coronavirus Response Act & Telehealth

Due to COVID-19, healthcare authorities have urged the public and healthcare organizations to make use of telehealth software. The federal Families First Coronavirus Response Act, passed on March 18th, 2020, requires payers to waive the amount an individual would pay for telehealth. USA President Donald Trump announced that “Medicare patients can now visit any doctor by phone or videoconference at no additional cost, including with commonly used services like FaceTime and Skype.” During the pandemic, health care providers will not be subject to penalties for violations of the HIPAA Privacy, Security, and Breach Notification Rules that occur in the good faith provision of telehealth.

Telehealth Demand

Barriers that previously interfered with the use of telehealth software have been removed during this time. With the recent passing of the Families First Coronavirus Response Act, patients are not required to pay for telehealth consultations related to COVID-19 testing and treatment. Additionally, public knowledge of telehealth software capabilities has significantly increased. Patients are now seeking alternatives to reduce their costs associated with COVID-19 testing and treatment, and will likely become accustomed to the convenience of receiving care via telehealth. Furthermore, the new Interoperability and Patient Access final rule legislation promotes secure and straightforward access to personal health information by patients through ubiquitous technologies such as smartphones. And the trend in mobile app implementation by healthcare providers will further drive the adoption of telehealth.

Telehealth & Healthcare Organizations

Telehealth may seem like a new concept fueled by COVID-19, but in reality, telehealth software companies have been around for many years and are growing in popularity. (The expectation is that the changes mentioned above will rapidly drive growth.)

CareClix was founded in 2010 and works with qualified practicing physicians to provide a wide range of telehealth services. CareClix accepts Medicare, Medicaid, and most private insurance plans.

MDLive was founded in 2009 and has multiple partnerships within healthcare systems across the United States; they also accept some health insurers, including Blue Cross Blue Shield (BCBS). MDLive provides the public with healthcare professionals who are available by phone or online video 24 hours a day to help patients answer questions about non-emergency related medical conditions.

In both cases, these companies are staffed with their own physician network. This means that they provide telehealth software and physicians. There are other vendors in the market that provide only the technology, which is then purchased by healthcare organizations to be used with their own physician network. Bridge Patient Portal is an example of a vendor that provides a platform for healthcare organizations to offer telehealth services to patients using their private providers. It’s essential to recognize the difference in approach here. There are many considerations in terms of the pros and cons of each model. There’s a risk when physicians step out of their primary care provider’s (PCP) network and go to a random telehealth provider for their care. One could say that when a patient’s private insurance company is promoting their own telehealth provider, they are essentially circumventing the patient’s PCP. An example of this is BCBS’ partnership with MDLive, where patients are encouraged to seek care outside of their PCP.

Unless brick and mortar healthcare organizations adopt telehealth platforms, they may lose the business of their patients. The rapid growth in demand for telehealth, and circumventing by private healthcare insurance companies, are leaving healthcare organizations scrambling to provide their patients with telehealth software. As a temporary solution, healthcare providers can leverage traditional video conferencing platforms for e-consultations. Once the crisis has subsided, healthcare providers will likely no longer be able to use telehealth in this manner — as the HIPAA waiver expires. In addition, healthcare providers will no longer be reimbursed for telehealth services through video conferencing platforms. Given the many challenges that exist today in sharing health records, it’s preferred that patients seek care with the same network of providers to reduce the duplication of care and diagnostic testing. But if a patient’s PCP can’t provide telehealth, they may be forced to seek care elsewhere.

Is Zoom® a HIPAA Compliant Telehealth Software?

According to the Families First Coronavirus Response Act passed on March 18th, 2020, Congress requires payers to cover telehealth visits (with health care providers) that relate to COVID-19 testing, treatment, and consultations during the public health emergency. Reimbursement for telehealth solutions during this time is being provided for all patients, not only those with Medicare. During the COVID-19 pandemic, many healthcare professionals are scrambling to find a HIPAA compliant telehealth software.

Seeking a HIPAA compliant telehealth software during COVID-19

HHS has created new guidelines on HIPAA requirements and modified HIPAA’s Privacy Rule, which stated that healthcare organizations must use only secure methods of communication for telehealth visits. The Office for Civil Rights said that videoconferencing services normally not permitted under HIPAA may now be used by healthcare professionals for the good faith provision of telehealth solutions. This change in policy allows video conferencing platforms such as Zoom® to be used during this time of crisis.

The coronavirus pandemic has resulted in an increase in healthcare organizations leveraging video conferencing apps. In the past month, Zoom® has become one of the most popular choices for teleconferencing, registering a 535% increase in traffic. Previously, Zoom® has maintained that they provide a HIPAA compliant telehealth software: Zoom® for Telehealth. This service claims to incorporate access and authentication controls and HIPAA compliant messaging secured with end-to-end encryption, and Zoom® has signed a HIPAA Business Associate Agreement (BAA).

HIPAA Compliant Telehealth Software

During the last few weeks, there have been several security concerns surrounding Zoom®. It has been reported that the company does not have end-to-end encryption as they previously claimed. This discovery makes Zoom® decidedly NOT HIPAA compliant.

Is Zoom® HIPAA compliant?

If healthcare providers want to ensure that patient privacy is respected, they should reconsider the use of Zoom® as a HIPAA compliant telehealth software. Aside from the lack of end-to-end encryption, additional security concerns include videoconference hijacking, user data being shared with third parties such as Facebook™, and lapses in security that make Zoom® vulnerable to cybercriminals and malware. While Zoom® is willing to sign a BAA, which is a crucial step towards achieving HIPAA-compliance, there are too many security issues preventing HIPAA-compliance. Until these issues are fully resolved, we do not recommend Zoom® as a HIPAA compliant telehealth software.

DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated, endorsed, or sponsored in any way to the service providers mentioned in this article.

Is Your Healthcare Patient Portal HIPAA Compliant?

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) protects patients’ privacy by limiting access to PHI (Protected Health Information) and governing acceptable use of their health data. The HIPAA Privacy Rule is composed of national regulations for the use and disclosure of PHI in healthcare treatment, payment, and operations by covered entities.

What Is A HIPAA Patient Portal

A HIPAA Patient Portal is a form of patient engagement in which health care providers can share information with a patient. If said information includes PHI and medical records, the patient portal must be HIPAA compliant.    

Must I Have A HIPAA Patient Portal?

  • If you have a patient portal developed, provided by, or on behalf of a covered entity (health plan, healthcare clearinghouses, or healthcare providers), it must be HIPAA compliant.
  • If you are a business associate that stores, collects, processes, or transmits PHI on behalf of covered entities, your patient portal must be HIPAA compliant.

What Information Does HIPAA Protect?

Protected Health Information (PHI) is any information that is held by a covered entity regarding a patient’s health status, provision of health care, or health care payment.

There are 18 PHI Identifiers:

  1. Names
  2. All geographical subdivisions smaller than a State
  3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and more.
  4. Phone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web Universal Resource Locators (URLs)
  15. Internet Protocol (IP) address
  16. Biometric identifiers, including finger and voiceprints
  17. Full face photographic images and any comparable images
  18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)

Tips For Offering A HIPAA Compliant Patient Portal?

  • Never store Protected Health Information (PHI) on a mobile phone.
  • HIPAA compliant messaging requires you to exclude PHI in an SMS, email, push, or IVR notification. If you do include PHI in a notification, have your patients accept terms and conditions which permit you to use limited PHI in your notifications, clearly defining what PHI is included.
  • Always use a HIPAA-Compliant Hosting Service.
  • When working with a web design, hosting company, patient portal vendor, or healthcare app development company, always get a BAA (Business Associate Agreement). A BAA shares the responsibility for all patient information that is received by the company or handled by the patient portal they build.
  • Ensure a HIPAA expert audits the final patient portal. 
  • Have your terms and conditions created/reviewed by an attorney that specializes in HIPAA law.
  • Require patients to log in each time to access PHI, with a 30-minute auto-logout. To make the patient portal more convenient and user-friendly, consider using face or fingerprint recognition for logins.
  • Conduct regular risk assessments. Also, regularly review records of system activity, including audit logs, access reports, and security incident tracking reports.
  • Maintain ePHI (electronic protected health information) integrity requirements by implementing information systems that provide features or processes for automatically checking data integrity. These include checksum verification or digital signatures and providing electronic mechanisms to ensure the integrity of ePHI.
  • Implement policies and procedures to protect ePHI from improper alteration or destruction.
  • Access controls must include unique user identification, emergency access procedure, and automatic logoff.
  • According to HIPAA, the information in a medical patient portal should be encrypted at all times – at rest and in transit.
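
The tip above about keeping PHI out of SMS, email, push, or IVR notifications can be enforced with a pre-send check. The following is an added example, not Bridge Patient Portal code: it scans outbound notification text for the identifiers from the list of 18 that have a recognisable shape, honours the kinds a patient has consented to, and redacts the rest. The patterns, function names, sample messages and the `portal.example.org` host are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed patterns (US formats assumed) for identifiers with a fixed shape.
# Names, addresses, photos and biometrics cannot be caught by pattern matching
# and have to be kept out at the message-template level instead.
URL = re.compile(r"\bhttps?://\S+", re.I)
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "date": re.compile(
        r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{5,}\b", re.I),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    start: int
    end: int  # offsets only, so logging a finding never copies PHI into logs


def scan_notification(text, allowed_url_hosts=frozenset()):
    """Return every identifier-shaped span in an outbound notification."""
    findings, work = [], text
    for m in URL.finditer(text):
        try:
            host = (urlsplit(m.group().rstrip(".,;)")).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: treat as not allow-listed
        if host in allowed_url_hosts:
            # Blank the portal's own link so its path is not scanned again.
            work = work[:m.start()] + " " * len(m.group()) + work[m.end():]
        else:
            findings.append(Finding("url", m.start(), m.end()))
    for kind, pattern in PATTERNS.items():
        findings += [Finding(kind, m.start(), m.end())
                     for m in pattern.finditer(work)]
    return sorted(findings, key=lambda f: (f.start, -f.end))


def violations(text, consented_kinds=frozenset(), allowed_url_hosts=frozenset()):
    """Findings not covered by the limited-PHI terms the patient accepted."""
    return [f for f in scan_notification(text, allowed_url_hosts)
            if f.kind not in consented_kinds]


def redact(text, findings):
    """Replace each finding with a marker, skipping overlapping spans."""
    out, pos = [], 0
    for f in sorted(findings, key=lambda f: (f.start, -f.end)):
        if f.start < pos:
            continue
        out += [text[pos:f.start], f"[{f.kind} removed]"]
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


# Constructed sample messages, not real patient data.
MSG_A = ("Your lab results from 04/17/2020 (MRN 00482913) are ready. "
         "Log in at https://portal.example.org/inbox")
MSG_B = ("Reply to jane.roe@example.com, SSN 123-45-6789, "
         "see http://tracker.example.net/p?id=7")
PORTAL = frozenset({"portal.example.org"})

if __name__ == "__main__":
    bad = violations(MSG_A, consented_kinds={"date"}, allowed_url_hosts=PORTAL)
    print(redact(MSG_A, bad))
    print(redact(MSG_B, violations(MSG_B)))
```

A message with any remaining violation should be blocked or sent in redacted form, with the full detail left behind the portal login.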

What Are The Penalties For Not Being HIPAA Compliant? 

There are several levels of violations based on what a covered entity did or didn’t do.

  • A covered entity that did not know and could not have reasonably known of an ePHI breach could be fined $100-$50,000 per incident and up to $1.5 Million.
  • A covered entity that “knew,” or by exercising reasonable diligence would have known of an ePHI breach but didn’t act with willful neglect could be fined $1000-$50,000 per incident and up to $1.5 Million.
  • A covered entity that acted with willful neglect and corrected the problem within 30 days could be fined $10,000-$50,000 per incident and up to $1.5 Million.
  • A covered entity that acted with willful neglect and failed to make a timely correction could be fined $50,000 per incident and up to $1.5 Million.

As you can see, being HIPAA compliant is extremely important and very costly if disregarded. Offer your patients a HIPAA compliant patient portal with Bridge Patient Portal.

How Bridge Patient Portal Can Help You Meet Patient Needs During COVID-19

Bridge Patient Portal is an important part of how our clients communicate with their patients. At Bridge, we think it’s important to share ways that Bridge Patient Portal can be used to help our clients meet their patients’ needs during this challenging time.

The Bridge team is available to help with any of the below items, AT NO COST, as part of our commitment to providing our clients the highest level of support in these situations.

In-Portal Alerts

Throughout Bridge, clients are able to place an “Alert Message” (see the images below) to help educate patients on any changes taking place with a client.

[Images: Homepage Alert Message; Appointments Alert Message; Messages Alert Message]

There is also a “Custom Widget” which can be placed on the portal home page to provide detailed information, such as links to external resources (e.g., CDC), symptom information, visit/scheduling protocol, etc.

Mass Messaging (SMS & Email)

In the Bridge admin panel, clients can filter patients by many different criteria (e.g., age, provider, active portal account, etc.) then type in a message to be sent to all patients meeting the filter criteria. The message can be sent in an SMS or email format.

Automated Pre/Post Visit Messages

Using the Bridge admin panel, clients can create automated email notifications to be sent before and/or after a certain appointment type. This could be used, for example, to educate patients on a new visit policy.

Telemedicine

Bridge is committed to fully developing its telemedicine solution in 2020. This has been many years in the making as the Bridge team has carefully watched the telemedicine market for trends, new innovations, and standout vendors. We will be working closely with our clients in the coming months to evaluate the best course of action for our telemedicine solution and explore partnerships with industry-leading vendors.

In the meantime, there are many features in Bridge to help our clients facilitate telemedicine encounters and online communication with their patients.

  1. Secure Patient-Provider Messaging – Bridge supports secure messaging between patients and providers, or with messages delegated to a provider’s team. Interface permitting, messages can be received and replied to in the provider’s EHR. Many questions can be answered in this way, and for providers already using patient-provider messaging, this is the most commonly used feature in the portal. It helps to educate patients that this is a reliable way to communicate with the provider for non-emergent questions, and in particular to define the protocol for when a message should be sent to a provider. This protocol can be shared with the patient in the messaging feature, using the “Alert Message” feature.
  2. Telemedicine Appointment Scheduling – Bridge offers appointment requests and self-scheduling functionality. Depending on the telemedicine program of a particular client, different options are available for helping patients schedule a telemedicine appointment. First, a telemedicine appointment type can be created, which would then allow better organization of provider schedules. If self-scheduling is already in use, a protocol that manages the times and providers for which a telemedicine appointment can be scheduled can be created in Bridge. Again, using the “Alert Message” feature, clients can educate their patients on how to schedule a telemedicine appointment.
  3. Facilitating Video Conferencing – Once an appointment is scheduled, a message can be sent to the patient with a link to the video conference. Whichever video conferencing solution is used, it is important that it meets HIPAA requirements. (Improving this functionality is where Bridge will be investing most of its efforts in 2020.)

DISCLAIMER: Client environments and the capabilities of their environments can vary. Some functionality may not be available in certain environments. Please speak with a Bridge client manager to learn more.