5 HIPAA Mistakes every Practice should Avoid when Texting Patients
by Kevin Martez We Offer Quality custom BoxesEffective and regular communication between patient and
provider entities is crucial to maintain a smooth practice workflow and to make
sure patient enquiries and needs are taken care of at all times. It is,
therefore, required of the providers to adopt effective digital communication
strategies that are commensurate to the everchanging needs and preferences of
patients. Texting, among many other useful communication tools, transcends the
need for patients and physicians to be physically and painstakingly tending to
matters such as administering transactions, scheduling appointments, patient
conversations and gaining feedback, etc.; these activities can be affected
remotely with just a few keystrokes. However, this panacea can sometimes prove
to be dodgy, particularly in face of HIPAA regulations. Disregarding these set
rules, unintentionally or otherwise, can draw hefty fines and penalties.
Here are some mistakes that practitioners need to elude
while texting patients:
Using unsecure texting platforms:
While it can be tempting to simply text patients via
personal smartphones, providers need to be mindful of the fact that they might
be discussing confidential information. The texting system being used needs to
have a substantial level of encryption in order to protect the sensitive data.
To maintain the security of the data being exchanged, providers must make sure
that their preferred texting solution is sufficiently encrypted; at every level
from physician to patient, and is HIPAA compliant. It is also important to
ensure that the system developed is able to track status of messages and
communicated information, identify sender and receiver, and integrate the
generated patterns of information safely into your current ehr software.
Texting patients
without opt-in
One of the most crucial aspects of a successful patient
texting system is patient consent. Texting patients without their expressed
consent can be a HIPAA violation, and may also see your practice on the wrong
side of various other regulators. Receiving patient consent is not very
daunting after all. It can be
accomplished by encouraging patients to be the ones making first contact by
including your phone number on your website along with a simple message like
“text us at [number]”. Should that sound too difficult, you can simply ask
patients to opt-in when they come to the practice.
Moreover, to avoid any potential HIPAA violations, include a
disclaimer, on the sign-up form of your website, that providing any contact
information gives the practice the right to use the given channels of
communication. Finally, also include a method of opting-out, should patients no
longer wish to communicate over text.
Sharing PHI
Once consent is acquired for texting, the next step is to
acquire consent for sharing personal health information (PHI). Not all patients
will sign up for text message communications in order to have medical
conversations. Some will simply want it for scheduling and reminders, so it is
important to get consent before sharing any PHI. This is a handy way of knowing
which patients would be looking for these types of conversations over text, and
will also protect the practice from any legal trouble that could arise from an unapproved sharing
of PHI.
Wrong employees having
access
Outside interference isn’t the only thing to worry about
when sharing PHI. Wrong employees somehow gaining access to the devices used
for communication can be just as disastrous, leading to problems like insurance
fraud or identity theft. Even the most secure system won’t be of any use if you
simply leave the device lying around where anyone can use it. Managing
authorization logs that only allow the right people have access is a crucial
component of a secure text messaging system.
Failure to implement access controls, to determine who can
view what fraction of a certain PHI, can be avoided by assigning different
phone numbers and dashboards to each authorized employee to handle patient
communication with discretion.
Sending messages to unauthorized
individuals: This is bit of a silly one, and one arguably we’ve all been
guilty of, practitioners or not, at some point in our lives. However, the
universality of this act does not make it less culpable. Mis-mailing can result in unauthorized
release of PHI to individuals not authorized to receive or view the
information.
As disastrous as it can be, this problem is easily
preventable. Front desk staff will need to take the lead on this; confirming
patient information every time they get in.
Patients want to ask you questions and hold conversations
through text, but it's important that they are confirmed via opt-in before
sending messages. Texting is a great way to stay in touch with your patients.
You can text them for scheduling and reminders, or talk about their care the
whole time! It's important that you ask if they're okay with messages from you
during treatment. How do you make sure this happens? First, start by adding it
as a question on patient paperwork. For example: "Would you like us to
text message or email with updates about your care?" As long as patients
have opted into receiving texts about care related to PHI, you're good to go.
Patients can also easily opt-out of any message they do not want at their
fingertips by texting stop followed by checking anytime during the day or night
for an immediate response.
Sponsor Ads
Created on Dec 17th 2021 08:02. Viewed 294 times.