With growing HIPAA compliance enforcement, information security is a top concern for all healthcare organisations. The growing use of mobile devices in the healthcare industry proportionately increases the risks and challenges of securing electronic protected health information (ePHI). The number of HIPAA violations is on the rise, and many of them are caused by electronic devices storing ePHI. The importance of staff training and of reviewing the organisation's policies and procedures around the use of mobile devices such as smartphones, laptops and tablets is greater than ever before.
Electronic Communication among Healthcare Organisations
Over 1 billion electronic communications take place in the healthcare industry monthly. Technology provides fast-paced communication, which is a key advantage for healthcare organisations. While texting provides faster communication between two providers, texting ePHI without proper safeguards exposes the organisation to the potential risk of a data breach, with the resulting financial burden and loss of reputation among patients. Creating awareness of these issues and training staff members on a regular basis will greatly reduce the risk.
HIPAA Compliance and Messaging
The HIPAA Act of 1996 required the Department of Health and Human Services (HHS) to create standards for the use and disclosure of protected health information, and it addresses the security and privacy of patients' healthcare information. The HIPAA provisions were amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Among other changes, HITECH extended direct liability for HIPAA violations to healthcare business associates along with the covered entities, dramatically strengthened the penalties for HIPAA violations, and made changes to enhance the enforcement environment.
The HIPAA Security Rule regulates the security of ePHI and its communication. The Security Rule requires all healthcare covered entities (CEs) and their business associates to implement appropriate physical, administrative and technical safeguards to ensure the confidentiality, integrity and availability of all ePHI they create, receive, maintain or transmit [45 CFR 164.306(a)]. The administrative safeguards of the HIPAA Security Rule include conducting an organisation-wide security risk analysis and staff training. The physical safeguards cover the physical safety aspects of the business, such as a locked server room and screen shields to prevent unauthorised viewing. Secure messaging and communication of ePHI fall under the technical safeguards of the Security Rule. EHR 2.0's HIPAA/HITECH Compliance Assurance offerings cover all aspects of these rules and help healthcare organisations stay compliant.
Managing the Risks of Messaging Healthcare Data
The key step any healthcare organisation should take to avoid violating the HIPAA rules and being featured on the HHS "wall of shame" is to conduct a thorough security risk analysis of the organisation. Based on its risk analysis, an organisation must develop a risk management plan that addresses its needs and vulnerabilities. Well-written policies and procedures detailing the use of mobile devices by staff members, including their personal devices, should be in place.
Communication is an integral part of any organization. In the healthcare industry, the data being communicated is especially sensitive. Knowing how to securely and efficiently communicate patient data for lab work, referrals, insurance exchange or with other third parties is crucial, and getting it wrong can cost the organization high fines.
Listen to our 50-minute webinar on HIPAA-compliant messaging and communication options for healthcare organizations by industry expert Samudra Vijay, Ph.D. Sam is the president of Sam IT Solutions, a company based in Research Triangle that provides managed IT and cloud computing services to small businesses and medical practices in the area.