If you work in the healthcare industry, you already know how crucial it is to protect your patients’ health information (PHI) in compliance with HIPAA regulations. Your practice can be fined up to $1.5 million for unprotected PHI, even if the breach is accidental or unintentional.
For this reason, texting to mobile devices has become a big concern for many health care leaders. Use of mobile devices for texting PHI poses a number of risks because the sender of the message doesn’t have absolute control over who can access the message once it has left their mobile device.
Plus, stolen or lost mobile devices containing unsecured patient health information has caused numerous reported breaches and enforcement actions in the past several years. Last year, the US Department of Health and Human Services’ Office for Civil Rights was awarded $4.3 million in a case against the University of Texas MD Anderson Cancer Center, which involved a stolen unencrypted laptop and the loss of two unencrypted USB drives. The devices contained electronic PHI of more than 33,500 individuals.
What if your virtual receptionist lost their cell phone with text messages containing PHI? And is it even ok for your virtual receptionists to text you or your staff information related to patients, to begin with? It is, but only if you have these safeguards in place:
1. Truly HIPAA Trained
Virtual receptionists and answering services can claim to be HIPAA trained and operated, but claiming to be aware of HIPAA regulations and being fully trained are vastly different matters. You need to know when and how your virtual receptionists were HIPAA educated, and how often their certification is updated and tested. Your virtual receptionists should be able to provide detailed information about how messages are transmitted, stored, or destroyed. Find out what kind of access you will have to the information concerning your patients and your practice.
2. Two-Way Encryption
It’s not uncommon for healthcare professionals to assume that if they receive a text or email from a third party, such as a virtual receptionist at an answering service, they aren’t responsible for HIPAA violations on the sender’s end, but this is not true.
Likewise, if a virtual receptionist sends a text containing PHI, it may be encrypted on their end but not on the physician’s screen. Physicians are responsible for the secure and confidential transmission of PHI on both the sending and receiving end of any data, so your virtual receptionist must clearly identify how PHI is securely encrypted on both ends of all communication.
Secure Messaging safely allows for texting PHI to physicians. The data is encrypted on both the sending and receiving ends, and the information is not stored on the device. You can create a group and share messages with the members in that group.
3. Staff & Technology
Top medical answering services today are able to provide greater security and reliability through a team of HIPAA trained virtual receptionists and advanced technology used to legally record and transmit information.
Voice Link of Columbus, Inc., for example, offers a secure communication app that lets healthcare providers text patient information without putting PHI at risk. This app allows the provider to send secure messages to other providers or to all members of their group. The provider can also attach their dictation right on that message using the app. The message can be downloaded right into the patient’s electronic chart.
Voice Link offers over 30 years of experience in HIPAA-trained medical live answering services, and our expert virtual receptionists and state-of-the-art technology will exceed your expectations. Request information online or call us at (800) 262-2799 for a free consultation.