Tag Archives: HIPAA compliant software

Consolidate Your Software For Patient Engagement To Avoid Security & Compliance Risks

Healthcare organizations strive to provide the best patient engagement experience possible. To do this, many organizations resort to implementing piecemeal solutions to provide all the features patients demand today.

In-demand features include:

This patient engagement strategy may end up costing healthcare organizations and patients in the long run, as siloed patient engagement programs increase security and HIPAA compliance risks. Implementing a singular, consolidated patient engagement solution that includes in-demand features can mitigate security and compliance risks in multiple ways.

1. Respect Patient Communication Preferences

There are multiple ways a healthcare organization can communicate with their patient population. Any tools used to communicate with patients must respect a patient’s communication preferences.

Methods of communication can include the following:

  • IVR (Interactive Voice Response; IVR-based calls also support user-input responses like “Press 1 to confirm, or 2 to cancel your upcoming appointment.”)
  • SMS
  • Email
  • Push notifications
  • Bidirectional patient text messaging (via a patient portal or mobile app)

To support the quality of care for patients, healthcare organizations should have correct patient engagement data such as contact details in addition to updated communication preferences. Providers can then more effectively reach patients and relay important information about their care, including appointment reminders, lab results, medical bills, and educational materials. Patients are more inclined to update their communication preferences and contact details on only one patient engagement platform, rather than performing the same task across multiple patient engagement systems used by the same healthcare organization.

Updated information within the healthcare organization should be shared with all patient engagement programs, including the organization’s source systems, such as Electronic Health Record (EHR), Revenue Cycle Management (RCM), and Practice Management (PM) systems. When using more than one software for patient engagement, healthcare organizations should ensure these systems can effectively communicate with each other so that any data updated within one system is shared with all other systems. If this integration is not in place, patient engagement data must be manually updated within all systems. Failure to honor a patient’s communication preferences may result in a HIPAA violation.

2. Ensure HIPAA Compliance

To be HIPAA compliant, healthcare organizations must conduct regular risk analyses, covering all software for patient engagement that interacts with electronic protected health information (ePHI). Risk analyses identify potential risks to the confidentiality, integrity, and availability of ePHI. Any risks and vulnerabilities identified must be mitigated to a reasonable and acceptable level to avoid penalties. It’s easy to ensure that one consolidated patient engagement solution is HIPAA compliant (versus a mixture of fragmented tools) and that the patient engagement solution provider will sign a business associate agreement. HIPAA also requires encryption at rest and in transit for all stored and transmitted ePHI between your connected patient engagement programs.

3. Prevent Security Breaches

When a healthcare organization has multiple patient engagement programs connected to their source system (EHR, PM, RCM, LIS, RIS, etc.), they increase the risk of a security breach. This is due to the higher number of access points that have been opened for these systems. There is an increased risk of data becoming corrupt/damaged within the patient database as more software/systems are permitted to view and edit patient data. Managing one piece of software is more straightforward than ensuring multiple solutions are operating safely and securely. Furthermore, it’s easier to conduct a cybersecurity gap analysis within a centralized software solution.

Improve operational efficiencies, prioritize security and HIPAA compliance, and bolster patient satisfaction by consolidating your patient engagement solutions into a feature-rich, client-branded web application or mobile app. Bridge helps healthcare organizations streamline their business processes and enhance patient engagement with an all-in-one solution capable of retiring “one-off” tools.

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect and is about to receive a Master’s degree from the University of Buenos Aires in Computer and Information Systems Security and Information Assurance. He has a passion for all things related to cybersecurity and cloud hosting.

Is Zoom® a HIPAA Compliant Telehealth Software?

According to the Families First Coronavirus Response Act passed on March 18th, 2020, Congress requires payers to cover telehealth visits (with health care providers) that relate to COVID-19 testing, treatment, and consultations during the public health emergency. Reimbursement for telehealth solutions during this time is being provided for all patients, not only those with Medicare. During the COVID-19 pandemic, many healthcare professionals are scrambling to find a HIPAA compliant telehealth software.

Seeking a HIPAA compliant telehealth software during COVID-19

HHS has created new guidelines on HIPAA requirements and modified HIPAA’s Privacy Rule, which stated that healthcare organizations must use only secure methods of communication for telehealth visits. The Office for Civil Rights said that videoconferencing services normally not permitted under HIPAA may now be used by healthcare professionals for the good faith provision of telehealth solutions. This change in policy allows video conferencing platforms such as Zoom® to be used during this time of crisis.

The Coronavirus pandemic has resulted in an increase in healthcare organizations leveraging video conferencing apps. In the past month, Zoom® has become one of the most popular choices for teleconferencing, registering a 535% increase in traffic. Previously, Zoom® has maintained that they provide a HIPAA compliant telehealth software: Zoom® for Telehealth. This service claims to incorporate access and authentication controls and HIPAA compliant messaging secured with end-to-end encryption, and Zoom® has signed a HIPAA Business Associate Agreement (BAA).

During the last few weeks, there have been several security concerns surrounding Zoom®. It has been reported that the company does not have end-to-end encryption as they previously claimed. This discovery makes Zoom® decidedly NOT HIPAA compliant.

Is Zoom® HIPAA compliant?

If healthcare providers want to ensure that patient privacy is respected, they should reconsider the use of Zoom® as a HIPAA compliant telehealth software. Aside from the lack of end-to-end encryption, additional security concerns include videoconference hijacking, user data being shared with third parties such as Facebook™, and lapses in security that make Zoom® vulnerable to cybercriminals and malware. While Zoom® is willing to sign a BAA, which is a crucial step towards achieving HIPAA-compliance, there are too many security issues preventing HIPAA-compliance. Until these issues are fully resolved, we do not recommend Zoom® as a HIPAA compliant telehealth software.

DISCLAIMER: All product and company names are trademarks™ or registered® trademarks of their respective holders. Bridge Patient Portal is not affiliated with, endorsed by, or sponsored by the service providers mentioned in this article.

Community Manager at Bridge Patient Portal. Kirsty is an experienced marketer with a demonstrated history of working in the medical and software industry. She is skilled in digital marketing, including SEO copywriting. Kirsty marries her passion for healthcare with her experience in digital marketing.

Bridge Leverages HIPAA Compliant eConsultations


With goods and services increasingly moving online – and with patients prioritizing other factors besides just quality care – it has become a necessity for healthcare organizations to start looking for new ways to improve the overall patient experience. Video consultations are one such solution, and they are gaining traction quickly in the healthcare space. In fact, web companies such as Teladoc, Doctor on Demand and American Well were expected to host some 1.2 million such virtual doctor visits in 2016, up 20% from 2015, according to the American Telemedicine Association. A report by IHS takes this one step further and predicts that the U.S. market alone will perform 5.4 million video consultations in the year 2020.

As part of Bridge Patient Portal’s commitment to helping healthcare organizations enhance patient care and increase revenue, we offer a secure, HIPAA-compliant eConsultation platform. Our platform is designed to bridge the gap between doctors and patients by providing high quality communication without requiring users to download additional software or install plugins. It presents an opportunity for healthcare organizations to improve treatment outcomes and deliver more efficient care by meeting patients where they are. The types of communication available in our platform are the following:

  • Telephone calls: Patients inform their provider of their availability and provide a phone number where they can be reached for the call. The provider will contact them at that time via the patient portal.
  • Secure messaging: Patients have the ability to message their providers in real time all within the confines of the portal. Communication may only be initiated by the physician or office staff, but patients can respond.
  • Video Consultation: While not a standard feature of the platform, Bridge does have the ability to utilize different video consultation technologies. WebRTC is an example of a technology that can be used to facilitate video consultations via the portal.

By integrating different communication technologies into our platform, we are able to provide a cost-effective solution for healthcare providers to deliver the best experience possible to their patients. We also ensure that all communication that takes place on our platform is HIPAA compliant; for example, WebRTC encrypts media streams with the 128-bit Advanced Encryption Standard (AES).

When it comes to billing, our healthcare platform can be customized to suit your needs and preferences. You can choose to set an eConsultation rate for phone calls, or set up a pre-pay credit system for patients to use towards online consults. Your patients’ credit card information can be kept on file, and billed before or after their visit.

To learn more about our platform’s highly secure eConsultation feature and how it can benefit your organization, call us at 866-838-9455.

Blake joined Bridge Patient Portal in 2016 after transferring from our parent company Medical Web Experts. Since then, he’s acted as Bridge’s Business Development Manager. Blake is passionate about driving collaboration with clients, partners, and internal teams to achieve performance goals and successful relationships.

5 Things to Consider Before Implementing e-Prescribing

Offering important advantages like fewer errors, decision support, improved adherence, and reduced adverse drug events, e-prescribing has skyrocketed in the past several years. In April 2014, 70% of physicians were issuing Surescripts network e-prescriptions and 96% of community pharmacies were enabled to accept them.

If your practice is not on board yet, a few key points can help you optimize e-prescriptions for better care management.

1. Determine how your physicians can use e-prescribing as a care management solution.

Any system change faces challenges in adoption. Ideally, the e-prescribing option you go with will fit and build on your practice’s current workflow. Examine the prescription process and assess your practice’s medication management needs. Asking physicians what tools would help them do their jobs better generates buy-in and yields the best results.

2. Consider your patient population and take time to teach them about the new system.

Younger, tech-savvy patients are likely to welcome the switch to e-prescriptions. This population will be eager to take advantage of new opportunities like reminders to take meds, e-requests for refills, and access to drug information through patient portals.

Meanwhile, older patients will need more orientation on these tools. Build in appointment time for explaining the new process. For patients who are not comfortable going virtual, consider coupling e-prescriptions with printed ones or providing medication fact sheets. An effective care management solution should take into account patient as well as physician needs.

3. Select priority functionalities like remote patient monitoring or HIPAA-compliant patient portal integration.

While automated checks on duplicates, dosage, allergies, and drug interactions are fairly standard decision support features, think about other functionalities you want to prioritize in your choice of an e-prescribing system. If your physicians are on board with remotely monitoring medication adherence, you may want a system that offers a mobile phone app. Patients can track when they take their meds and record any symptoms, and physicians can feed this data back into treatment plans.

4. Opt for a format that fits your budget and timeline.

A stand-alone e-prescribing system will have a lower annual cost than a full EHR solution. It will also be easier to train your team on and will lead to enhanced efficiency faster. Meanwhile, the more expensive EHR-integrated system will take longer to implement.

The obvious advantage of the latter is that, once in place, it will serve as a one-stop shop. On an EHR-integrated system, physicians can access not only medication histories, but also diagnosis history, test results, and insurance information as they make prescription decisions. A comprehensive option with a remote patient monitoring aspect or HIPAA-compliant patient portal integration also translates to more training time up front.

5. Factor in direct costs, indirect costs, and opportunities for cost-saving.

In addition to annual software licensing fees, you may need to buy and maintain new hardware. You will also have to invest time for staff training, while the transition requires substantial work on the part of management staff. Short-term lost productivity is unavoidable, and you should account for this cost. On the flip side, there are opportunities to obtain free systems or financial aid through private, state, or federal sources, including Meaningful Use EHR Incentive Programs.

An analysis of the challenges and opportunities of switching over to e-prescriptions at your practice is essential to a successful transition.

Blake joined Bridge Patient Portal in 2016 after transferring from our parent company Medical Web Experts. Since then, he’s acted as Bridge’s Business Development Manager. Blake is passionate about driving collaboration with clients, partners, and internal teams to achieve performance goals and successful relationships.

The Benefits of Outsourcing Healthcare Software Development

Nearshore Americas’ whitepaper “Healthcare Software: The Argentine Advantage” highlights many benefits that Argentina has for outsourcing healthcare software development over its offshore rivals. Here are the key reasons for partnering with a nearshore developer in Argentina:

Blake joined Bridge Patient Portal in 2016 after transferring from our parent company Medical Web Experts. Since then, he’s acted as Bridge’s Business Development Manager. Blake is passionate about driving collaboration with clients, partners, and internal teams to achieve performance goals and successful relationships.

Do SaaS Software Applications Contain HIPAA Compliant Cloud Hosting?

As a provider of patient portal, SaaS software and hosting solutions to the medical industry, we get asked this question a lot. Unfortunately, there’s very little information available on the internet that addresses this specific issue – and what does exist is generally false or a part of a sales pitch by a company trying to market “HIPAA Compliant Cloud Hosting” or other HIPAA-compliant health IT solutions.

Before we can answer this question correctly, we must first understand what HIPAA is and how it relates to software, hosting and other healthcare IT solutions.

The Health Insurance Portability and Accountability Act was enacted in 1996 to address the growing use of technology in healthcare, specifically the transaction of health information between providers, employers and health insurance plans. You don’t need to read the entire 349-page document to understand a few important principles of HIPAA.

Here are a few things you should know about HIPAA.

1. HIPAA makes almost zero reference to technical specifications required for hardware, software, security, etc. Even if it did, it would be completely out of date since its publishing in 1996, and surely would not contain much relevant information pertaining to new technologies like SaaS software and cloud hosting. Therefore, it’s important not to read into false claims made by companies about the use of certain brands of firewalls, servers, operating systems or server architectures.

2. You cannot be “HIPAA certified.” HIPAA is a set of rules and best practices. There is no government certifying body that certifies software, hosting companies or health organizations on HIPAA.

3. You can be audited by a variety of governing bodies for HIPAA compliance. Other certifications do exist that may include some of the rules or best practices found in the HIPAA guidelines. Some of these certifications include:

a) SSAE16 – An auditing standard created primarily for the financial services industry verifying hosting companies’ physical and software security standards. Hosting companies that are audited receive reports demonstrating compliance for SOC 1, SOC 2 or SOC 3.

b) ONC-ATC – A certification for healthcare software companies to certify their software on a variety of security and functional items.

In consideration of the above items, the answer to whether cloud servers and SaaS applications are HIPAA-compliant is that these technologies are only one part of the bigger picture of how they are used. Even if there were a HIPAA certification for SaaS software, it would not guarantee HIPAA compliance, as there could be faults in the hosting, the computer being used, or the user using the software in a public place unshielded from the public’s eye.

There is no specific provision in the HIPAA guidelines that opposes the architecture of a cloud server, VPS server or SaaS application (even though by nature these are “shared” architectures). One must, however, consider the HIPAA guidelines that do exist that pertain to encryption, user authentication and other “best practices.”

This article was originally published on the Medical Web Experts blog.

Blake joined Bridge Patient Portal in 2016 after transferring from our parent company Medical Web Experts. Since then, he’s acted as Bridge’s Business Development Manager. Blake is passionate about driving collaboration with clients, partners, and internal teams to achieve performance goals and successful relationships.