The Health Insurance Portability and Accountability Act, established in 1996, has guidelines around the protection of personal health information and mandates that certain minimal levels of security be in place when sharing patient data electronically. In essence this means that communications between caregivers (doctors, nurses, pharmacists, specialists, physical therapists, administrators, etc.) needs to be encrypted in some way. This can make the transition to a more modern communications and data infrastructure challenging.
To learn more about how HIPAA impacts communications and data sharing in healthcare organizations, I spoke with Gino Andreozzi, the VP of Healthcare Solutions at Mutare. “Essentially the law says that anytime ‘Personal Health Information’ is being exchanged between healthcare stakeholders it has to be protected,” explained Andreozzi. “This means if caregivers need to share details on a patient, their billing records, their disease or diagnosis, the medications they have been prescribed, or other specific components of their care plan, that data and communication needs to be encrypted.”
Different Types of Communications and HIPAA
Voice Communications in HealthcareOh yeah, except for phone calls. “Phone calls are the big exception and are really the only type of healthcare communications that don’t need to be encrypted,” explains Andreozzi. “This is a big reason that pagers (yes, pagers!!) are still a $1 Billion industry in the U.S., because they don’t pass along patient data and caregivers are forced to communicate via phone.” I like chatting on the phone as much as the next guy, but I think we can all imagine how replacing pagers and leveraging smartphone, tablet and computing capabilities beyond voice, especially since all the caregivers are already walking around with powerful computers in their pockets, could lead to significant process improvements. However, those types of improvements must meet HIPAA guidelines.
So Voice No, But What About Voicemail?It seems like if phone calls are an exception, a doctor leaving a voicemail for another caregiver probably is too, right? Not so fast. “Voicemail is stored digitally,” explains Andreozzi, “so while that data is at rest and while it is being used, the voicemail has to be encrypted.” This is especially important when modern UC capabilities are utilized, like the transcription of voicemail and the notification and delivery of the message details and voice file via electronic means. In this scenario, it is not only the voicemail that needs to be encrypted, but also the email or SMS message and the voice file delivered to the recipient.
Email and HIPAA
According to Andreozzi, because of HIPAA, email in healthcare can sometimes be more of a hassle than it is worth, especially when sharing detailed personal health information. “Email is tough, because you can start with an encrypted email, but on its journey it goes through multiple gateways. If it bounces around through non-encrypted gateways, that can mean the email has become non-compliant.” Maybe this explains why my doctors never reply to my emails!
Text Messaging and SMSHealthcare workers, just like the rest of us, love to text. And many doctors and nurses are already using their tablets and smartphones to share patient information and improve care - unfortunately this often happens outside of HIPAA guidelines. According to Andreozzi, texting and SMS are some of the highest risk areas relative to HIPAA. A smartphone or tablet will utilize whatever signal or network is available to it, and without the right software in place, those communication can be insecure.”
Telemedicine and HIPAATelemedicine is a rapidly growing area of medicine. Not only are doctors collaborating with each other on specific cases (and even surgeries) remotely via video, but patients are getting in on the act with telemedicine kiosks at their local pharmacy or grocery store where they can have a virtual face-to-face with a doctor potentially hundreds or thousands of miles away. Needless to say, these visual communications interactions must be encrypted to meet HIPAA guidelines.
“At the end of the day, the doctors, nurses and other caregivers know that they can improve patient care by leveraging modern technology and communications, and they are already doing it, even if it sometimes falls outside of HIPAA guidelines,” says Andreozzi. “Between this and the pressure that the Affordable Care Act is putting on healthcare organizations to improve quality, lower costs, healthcare administrators, CIOs and the CMIO’s (chief medical information officers) are beginning to move quickly to deliver the secure communications and data sharing platforms necessary to enable improved collaboration regardless of communication type.” This is going to be a fascinating market to watch over the next several years. Stick with The UC Buyer for more healthcare insights.