I know for most clinic/offices, there are vast amounts of integration with other healthcare providers. One doctor may have several patients who are being treated with home health or hospice, and the amount of Protected Health Information (PHI) used in these interactions can be staggering. Vast quantities of information being passed from one entity to another occur all day, and almost every day. The real questions doctors are asking themselves is how do I streamline the review process, so days are not spent just reading notes! You often end up using the most convenient way of communicating, which is your cell phone. Almost nothing is faster, or less labor intensive than a simple text message.
TEXT MESSAGES ARE NOT HIPAA COMPLIANT. Ok. Let me make sure you heard that correctly. TEXT MESSAGES ARE NOT HIPAA COMPLIANT. That being said, it can be in certain circumstances where texting/messaging is HIPAA Compliant. There are some things you need to know before you start firing messages away thinking you are in the clear though!
I really need to understand the liability you are taking on by using a personal hand held device for storing and transmitting Electronic Protected Health Information (ePHI). If you send a message to the wrong person, your phone is lost, stolen, or even misplaced (yes even if it was found the following year) you WILL be held liable for the lost records/information. Under the HITECH Act and Omnibus Final Ruling, The Office of Civil Rights (the enforcement branch of HIPAA) doesn’t even need to show proof of damages. This unfortunately is the just the start. When an audit takes place, the auditor uses the initial violation as the metaphorical thread to unravel your HIPAA compliance sweater. Data breaches leave you very vulnerable and open to more civil penalties during the audit process. The violations can pile up quickly if you aren’t extremely careful! It’s important to keep things very secure and, most of all, ENCRYPTED!
All IOS devices after 2010, most android devices introduced after gingerbread (2.3.4 or later) and some other smart phones and tablets can be encrypted. The iPhone is the easiest to encrypt, where a Windows phones go a step further requiring you to sync your phone with the company servers and push encryption to the phone. By activating the pin access code on your iPhone or pushed encryption to your windows phone, you effectively encrypt the device. Go one step further and activate the find my phone app on your, and you have two ways to keep a thief or innocent bystander from accessing things they shouldn’t.
HIPAA Conscious Apps
Tiger Text is one app that provides a great solution for in-company messaging over mobile devices. The app has some especially attractive features like, Message recall where you can set the lifespan of a message for especially sensitive content. It even allows for a remote wipe of your messages, and audit logs produce an easy access audit trail for HIPAA Compliance.
Spok Mobile This mobile communication app is tailored towards hospitals and large emergency care clinics. This app provides similar traceability and much more integration options for a large scale corporations. For example: This app allows for features like the capability to send picture messages and multiple ways to respond. You can choose whether you want to call a Nurse back, or send a simple instant message. This system will even integrate with some EMR systems. Spok Mobile is also great for large scale operations that need access to a staff directory.
DocBookMD is a great scalable option for any practice. It allows for Dynamic Director, where you can organize teams, and securely transfer documents over the cloud. Integrate call center functions, admit, discharge, transfer documents, and integrate into your existing Windows Operating system. This is a very versatile system and is compatible with Android, iPhone, tablet, PC, or Mac. They supply you with a Web interface portal. The part that has me won over, is the administrative functionality. Remote disabling of devices, add/delete users, set mandatory pin locks, resetting passwords, and tiered support options for all sizes. Of course they also offer all the analytics you need to provide a secure audit trail for a HIPAA Audit.
From an administrative standpoint you may want to use something like DocBookMD because of the ease of use and integration capabilities. On the other hand, every single app here got 3.5 starts out of 5 on the Google Play app store. In short, find the one that best suits your situation, but by no means should you send OPEN TEXT MESSAGES TO ANYONE, ANYWHERE, IF IT CONTAINS EPHI!
When you decide to integrate your new HIPAA compliant instant messaging app, remember to integrate that solution into your policies and procedures. If you aren’t making reasonable and appropriate measures to protect your ePHI, you could face serious fines!
The following link is a great resource checklist of things to consider when moving to a mobile solution for your practice. RESOURCE