Author Archives: Blog HIPAA

What is required for HIPAA Compliance?

What is required for HIPAA Compliance? Here’s a Checklist!

Lots of our visitors ask us “what is required for HIPAA compliance?” Because this is such an important question, we try to direct our visitors to the most trusted sources for HIPAA education. The most important aspect to remember is that a checklist based “solution” is my no means affective. What we do endorse is the ability to use a checklist to understand what aspect of HIPAA you are doing, and to recognize ones you may have looked over or need to address in further detail. We recommend taking a look at Compliancy Group who has two resources for your organization, whether you’re a Covered Entity or a Business Associate. First, we recommend reading and downloading their HIPAA compliance checklist. Or you can register for their HIPAA compliance checklist webinar!

Some of the key findings in the checklist highlight Business Associate Agreements, and also help point out the need for more than just a security risk assessment. As many are familiar with there is a need for HIPAA training, but we do appreciate how it points out the need for documentation of training and other attestations.

 

Please let us know any other resources you are looking for and questions you may have in regards to HIPAA compliance, and we would be happy to help!

 

 

 

Do you know your Business Associates?

Knowing who is a Business Associate can be difficult and confusing for Covered Entities. Through our surveys of the market BlogHIPAA has identified that most Covered Entities need help identifying their Business Associates, and do not understand how to confidently audit and determine if they are in compliance with HIPAA. We believe this webinar will be helpful in showcasing everything you need to know to help determine these issues in your practice and business . We have included a link below to register for this event.

Register Here.

 

 

 

 

Infographic: HIPAA Do’s and Don’ts

Violating HIPAA regulation is a serious offense, but the problem that many health care professionals face is the confusion surrounding exactly what’s required to be compliant.

Below, we’ve compiled a short list for you to reference when deciding if your health care operations comply with HIPAA regulatory requirements.

For more information about HIPAA, check out our in-depth write-up here.

hipaa-dos-and-donts

 

 

Benefits of mHealth: The Physician Perspective

As a physician, you’re used to the feeling of having your attention pulled in several directions at once. Many days, it can seem as if you just don’t have enough time to see enough patients, run all the tests you’d like, or even communicate with your staff. That’s why so many doctors and healthcare workers welcome the mobile health (or mHealth) revolution. The ability to communicate through text message is an easy way to keep everyone connected. It’s a great option to remind patients of their upcoming appointments without a phone call or to get their prescription filled without having to make a visit. mHealth is also creating stronger connectivity and collaboration for medical research, and since almost everyone in the healthcare industry carries a cellphone, it’s the fastest way to send a message to staff.

If you haven’t yet considered implementing mobile health within your medical facility, now is a good time to start, if only to make communication with patients and staff much more convenient. As mHealth becomes a hallmark of modern-day clinics, yours included, just ensure you keep it aboveboard in terms of HIPAA regulations (more on that later).

Here are three major benefits of the mHealth movement.

Better Access and Alerts for Patients

As little as 10 years ago, if patients wanted to see a physician for even the smallest ailment, they had to make an appointment over the phone and then possibly wait weeks for a diagnosis or prescription. While some clinics still take this approach, the more modern facilities are beginning to use mHealth to help get rid of the pain points that might keep patients from even making an appointment. If it’s too much of a hassle to make the trip to the clinic, then individuals could simply choose to neglect their health; mHealth is looking to change that.

Since almost everyone these days owns a mobile device and many more rely on texting as their main form of communication (over phone calls), it makes sense for physicians and healthcare workers to turn to texting as a way to reach out to their patients. Currently, practitioners use text messages to remind individuals of their appointments, inform them of important vaccinations, and even fill prescriptions. An article at Ausmed also notes that texting can help with HIV patients adhering to their ART medication, as well as providing support for people who are trying to quit smoking.

Another huge benefit of mHealth is the ability to send targeted alerts to patients. An article at HIMSS points out, in particular, that teenagers, with their busy schedules, can miss appointments and ignore phone calls. Yet, by using mobile alerts, there’s a much higher likelihood that they will read and reply to these messages. Since teens are leading the pack when it comes to communicating via text more than any other form of communication, it’s up to the healthcare industry to connect with them through that highly effective avenue.

The HIMSS article adds that text message alerts can also help as reminders to take care of one’s health with mobile tips. Whether the industry uses them as an alert or reminder to check blood sugar, keep up with a workout regimen, or get screened for STDs, mHealth can help physicians and healthcare workers connect more closely with teenagers and encourage them to stay more aware of their health.

Communication With Staff

Physicians and staff who have worked in the industry for many years undoubtedly carried a pager with them at some point in their careers. These days, smartphones have replaced that obsolete technology, so why not upgrade your methods of communication, too?

A piece at HIT Consultant includes the remarkable statistic that about nine in 10 physicians under age 35 own a smartphone and that texting is as second nature to them on the job as it is outside of work. “In many cases they use them to text with other MDs such as consulting physicians, subspecialists and hospitalists,” says the piece. There’s also the fact that texting’s quick receive-and-response rate can help boost productivity, as well as enable physicians to make faster decisions and receive medical information wherever they are.

Using mHealth to get in touch with staff at any time, or to send something like a group alert for an upcoming meeting, is making it much easier to keep in touch with other physicians, nurses, or specialists, as well as opening up a channel to share advice and knowledge, as needed. Rather than keeping physicians sequestered in their offices, texting is allowing communication to reignite among healthcare staff whether you’re down the hall or six floors away.

Clinical Research

Another area of the healthcare industry that’s seeing the benefits of mHealth is medical research and clinical trials. As with doctor’s appointments, individuals would have to physically arrive at a facility for monitoring and medical testing or trials. Now, texting is allowing patients to record their results and stay in contact with healthcare staff as they go through the phases of the clinical trials.

There’s even the ability to use texting as a form of outreach to find new participants for a study. The HIMSS piece touches on this and includes some use cases such as “personalized messages about compliance, dosing, collecting electronic patient recorded outcomes (ePRO) data or in the delivery of incentives for study participation.” Again, if physicians and medical staff want to better engage with a younger demographic, they need to do so through channels that teens and young adults use the most—that includes texting.

Keep HIPAA in Mind

However you choose to take advantage of mHealth’s benefits, remember that you always need to ensure your methods are HIPAA-compliant. That means you need to know that if you send medical records or electronic protected health information (ePHI) over text, you need to do it on a secure network and only if there’s no possibility a third party can intercept or read it. Failure to take necessary precautions could mean a breach of HIPAA and a hefty fine, as well as damage to a clinic or physician’s professional reputation. If you don’t document context, consideration, and patient consent, you’re in willful neglect and quite possibly assessed up to $50,000 for each text message.

Be sure you’re informed on how to text and remain HIPAA-compliant, the answer to “to text or not to text ePHI,” and the best method for texting ePHI. (Hint: It’s not through regular SMS). It may sound like a complicated undertaking, but there’s no leeway when it comes to ensuring that the privacy of your patients remains intact.

Has your clinic begun using mHealth in the workplace? Have you taken the necessary precautions for HIPAA compliance? Tell us how it’s going in the comments.

 

Contributed By: LuxSci founder Erik Kangas has an impressive mix of academic research and software architecture expertise, including: undergraduate degree from Case Western Reserve University in physics and mathematics, PhD from MIT in computational biophysics, senior software engineer at Akamai Technologies, and visiting professor in physics at MIT. Chief architect and developer at LuxSci since 1999, Erik focuses on elegant, efficient, and robust solutions for scalable email and web hosting services, with a primary focus on Internet security. Lecturing nationally and internationally, Erik also serves as technical advisor to Mediprocity, which specializes in mobile-centric, secure HIPAA-compliant messaging. When he takes a break from LuxSci, Erik can be found gleefully pursuing endurance sports, having completed a full Ironman triathlon and numerous marathons and half Ironman triathlons.

 

 

 

 

 

 

FREE WEBINAR and LIVE Q&A on HIPAA, Cyber Hacking & ePHI Security

In today’s healthcare environment, we have the dual challenge of compliance and security – that is, how do we stay compliant and stop cyber hackers from accessing our ePHI? In this webinar, we look forward to discussing the current state of cyber hacking techniques, ePHI security and HIPAA compliance.

Join eFax Corporate® for this informative discussion on:

  • Cyber hacking – the stages of a data breach, types of breaches, prevention tips
  • HIPAA compliance – HIPAA standard on encryption and integrity of transmission, compliance pitfalls
  • ePHI transmission – what is considered a secure transmission, common methods, how healthcare companies use cloud faxing to transmit ePHI

FREE-HIPAA-Education