Don’t Breach HIPAA While Messaging & Texting Patients

Ryan Nelson

Posted on May 04, 2015

Secure messaging, video conferencing and social media are all useful communication tools for physicians in light of the accelerating digitization of the healthcare industry. Social media outlets, in particular, are a seductive alternative to traditional communication channels, such as email and telephone, as they allow users to be connected at a moment’s notice.
Using services such as these can allow practices to strengthen the physician-patient relationship and can even lead to improved medication adherence and better treatment outcomes. In fact, according to a study conducted at an Australian university, people tend to value video feedback over written comments. For physicians, this means that sending patients home with video instructions for taking medications and following a care plan could have a higher payoff than traditional handouts.
Of course, the challenge is ensuring that the communication methods used meet HIPAA standards.
Data breaches at social media services, such as last year’s Snapchat leaks (although the photos and videos vanish after a chosen number of seconds, it turns out the company does store them), are rampant, and these services tend not to be HIPAA compliant. Skype is also not HIPAA compliant and should not be used to communicate with patients.
For video conferencing and secure messaging, two companies that can be trusted with HIPAA compliance are Bridge Patient Portal and VSee, NASA’s official video-conferencing platform on the International Space Station. Both companies adhere to important HIPAA requirements including:

  • All audio/video communication is securely encrypted and transmitted from point-to-point such that even the company does not have access to any identifiable health information that may be communicated.
  • As required under the Business Associate Agreement, the company agrees to be responsible for keeping all patient information secure and to immediately report any breach of personal health information.

Protecting Your Practice From Potential HIPAA Liability

The following recommendations can help you ensure HIPAA compliance:

  1. Request audit, breach notification and other information from the software companies that you choose to work with.
  2. Have patients sign HIPAA authorization and separate informed consent as part of intake procedures when using web-based platforms.
  3. Develop specific procedures regarding use of video conferencing and messaging platforms (interrupted transmissions, backups, etc.).
  4. Train workforce on the use of these platforms.
  5. Exclude the use of these platforms for vulnerable populations (i.e., severely mentally ill, minors, those with protected conditions such as HIV).
  6. Limit to certain clinical uses (i.e., only intake or follow up).
  7. Use secure platforms with audit trail, breach notification and other capabilities.

If you take away one thing today, remember to evaluate platforms by their approaches to encryption, the Business Associate Agreement, and audits and breaches.

