Don’t Breach HIPAA While Messaging & Texting Patients

Ryan Nelson

Posted on May 04, 2015

Secure messaging, video conferencing and social media are all useful communication tools for physicians in light of the accelerating digitization of the healthcare industry. Social media outlets, in particular, are a seductive alternative to traditional communication channels, such as email and telephone, as they allow users to be connected at a moment’s notice.
Using services such as these can allow practices to strengthen the physician-patient relationship and can even lead to improved medication adherence and better treatment outcomes. In fact, according to a study conducted at an Australian university, people tend to value video feedback over written comments. For physicians, this means that sending patients home with video instructions for taking medications and following a care plan could have a higher payoff than traditional handouts.
Of course, the challenge is ensuring that the communication methods used meet HIPAA standards.
Social media data breaches, such as last year’s Snapchat leaks (although the photos and videos vanish after a chosen number of seconds, it turns out the company does store them), are rampant, and, incidentally, these services tend not to be HIPAA compliant. Skype is also not HIPAA compliant and should not be used to communicate with patients.
For video conferencing and secure messaging, two companies that can be trusted with HIPAA compliance are Bridge Patient Portal and VSee, NASA’s official video-conferencing platform on the International Space Station. Both companies adhere to important HIPAA requirements, including:

  • All audio/video communication is securely encrypted and transmitted from point-to-point such that even the company does not have access to any identifiable health information that may be communicated.
  • As required under the Business Associate Agreement, the company agrees to be responsible for keeping all patient information secure and to immediately report any breach of personal health information.

Protecting Your Practice From Potential HIPAA Liability

The following recommendations can help you ensure HIPAA compliance:

  1. Request audit, breach notification and other information from the software companies that you choose to work with.
  2. Have patients sign HIPAA authorization and separate informed consent as part of intake procedures when using web-based platforms.
  3. Develop specific procedures regarding use of video conferencing and messaging platforms (interrupted transmissions, backups, etc.).
  4. Train workforce on the use of these platforms.
  5. Exclude the use of these platforms for vulnerable populations (i.e., severely mentally ill, minors, those with protected conditions such as HIV).
  6. Limit to certain clinical uses (i.e., only intake or follow up).
  7. Use secure platforms with audit trail, breach notification and other capabilities.

If you take away one thing today, remember to evaluate platforms by their approaches to encryption, the Business Associate Agreement, and audits and breaches.
