Remaining HIPAA Compliant While Utilizing Electronic Communication in Healthcare

Technological advancements in electronic communication, primarily emails and SMS (Short

Message Service) text messages have not only changed the way communications are received,

but how business is done. From major corporations to small companies, emails and text

messages have innovated marketing in industries across the board. Healthcare providers are

now turning to these forms of communication as a way not only to remind their patients are

upcoming appointments, but to engage in research studies, medical condition management and

advertising. With healthcare’s growing integration of text messaging and emails in their services,

there has also been concern of HIPAA (Health Insurance Portability and Accountability Act)

Privacy Rule compliance. In the following document HIPPA compliance in relation to these

forms of communication (email and text messaging) will be discussed.

What is HIPPA?

HIPPA or the Health Insurance Portability and Accountability Act was enacted in 1996 by

Congress to provide individuals security for the privacy of their health information and limit the

opportunities for this information to be unnecessarily disclosed. The rules cover PHI (Protected

Health Information) which includes:

The person’s physical/mental health condition currently, in the past or in the future.

The person’s current, past and future healthcare payment amount and type.

Any identifying information such as name, date of birth, Social Security and address.

How is HIPAA compliance maintained?

To maintain HIPPA compliance healthcare providers must uphold certain best practices to

safeguard PHI, such as:

Limit who can view and access PHI as well as have in place protocols and programs to

protect the information.

Engage in administrative, technical and physical best practices to limit information

disclosure.

What does this mean for electronic communication?

When HIPAA was created in 1996, electronic communication was not as common as it has

become over a decade later. The original act was not created with these forms of

communication in mind and has not been modified to distinctly reflect these trends since. As

these mediums rise in popularity, a certain level of ambiguity still remains when discussing

HIPAA’s position on this subject and is still in many cases up to the provider’s discretion and

best judgment. That being said, precautions still need to be upheld to protect the individual and

fulfill basic HIPAA regulations.

Under the Privacy Rule, individuals have to right to approve or deny a health care provider’s

alternative communication method (i.e. email and text messaging). If an individual (patient)

initiates the communication with the provider through electronic means, the provider can

assume that electronic communications are acceptable to the individual. The provider also has

the right inform the individual of the possible risks of electronic communication and let them

decide whether or not to continue receiving them.

The key in both situations is to limit risk of sensitive PHI being released. Providers need to

protect themselves by 1) limiting the amount of PHI in the message 2) confirming the phone

number or email of individual 3) encrypting the data if possible.

Both emails and text messages propose the risk of having the message sent to the wrong

person or be intercepted while en route. Phone numbers and emails should always be

confirmed before any PHI is sent. While encryption seems like an ideal way to ensure privacy,

newer iPhones and Android smart phone devices do not support encrypted text messages and

third party applications may need to be enabled for individuals to receive encrypted emails.

Privacy statements should be included informing the recipient of the potential risk of email or

text message communication and who to contact if this message was sent to the work address

or number.

For more information visit http://www.callfire.com