Is that text or email message you are about to send going to cost you up to $1,500,000.00?  

Each year more healthcare professionals are using mobile devices to communicate and collaborate in an effort to provide optimal care to patients across all healthcare settings.  Although mobile devices such as cell phones and tablets are extremely user-friendly and convenient to use, it is our moral and legal obligation to protect patient information.  

The penalties for failing to safeguard Protected Health Information are substantial at the personal and company level.  Many forms of communications such as SMS/text messages, Skype, unsecured email, etc. are not compliant with the Health Insurance Portability and Accountability Act (HIPAA).  

HIPPA Compliant Guidelines for LTPAC Patient Communications

Understanding the difference between HIPAA compliant and noncompliant forms of communications could possibly prevent a breach in security of patient information.  

The Security Rule lists a series of specifications related to technology to comply with HIPAA. Including but not limited to:

• All Protected Health Information must be encrypted for stored data and data in transmission.
• Each healthcare professional authorized to access and communicate Protected Health Information must have a “Unique User Identifier” so that his/her use of Protected Health Information can be supervised.
• The use of any technology to comply with HIPAA requires an automatic log off to prevent unsanctioned access to Protected Health Information when a mobile device is left unattended.

Although the Long Term Post-Acute Care (LTPAC) community has not been a “target” for HIPAA compliance audits in the past, their practices will soon come under scrutiny.  Each and every time a healthcare professional sends a communication containing Protected Health Information (PHI), the person should feel confident in the knowledge they will not cause an unintentional breach in security.

Many solutions are offered to healthcare professionals to assist in facilitating communications while remaining HIPAA compliant, such as secure text messaging and secure email.  Secure text messaging platforms, such as TigerText® are downloadable apps, which work with many operating systems.  With secure text messaging users have the convenience and mobility of using a cell phone and the security required to safeguard Protected Health Information.  Secure email is available from some email providers, who are willing to sign the HIPAA required “Business Associate Agreement”.  LTPAC providers should review their communication practices for any deficiencies, and implement policies and procedures to ensure HIPAA standards are upheld.  

Communication is not an area to overlook when reviewing HIPAA compliance in your company.