At the onset of the Covid-19 pandemic, many healthcare providers were sent "scrambling" to transition their clinics from in-person to telehealth operations. The U.S. Department of Health and Human Services (HHS) moved quickly to ease regulations for healthcare providers, ridding them of some of the stress associated with meeting certain HIPAA compliance criteria.
There will come a day when relaxed HIPAA regulations come to an end. As a healthcare provider, you must be prepared for this reality. We want to help your long-term plan by providing tips for a more effective secure communications strategy post-pandemic.
Examples of "breaks" in HIPAA compliance during Covid-19
Telehealth providers were granted less 'policing' during the Covid-19 pandemic. According to the HHS, the "OCR (Office for Civil Rights) will exercise its enforcement discretion and will not impose penalties for non-compliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency." A big example of this was the allowance of telehealth providers to use any non-public facing remote communication product that is available to communicate with patients.
Hospitals saw relief in regulation as well. Under Section 1135 of the Social Security Act, items within the HIPAA privacy rule were temporarily waived, including:
-
The requirement to obtain a patient's agreement to speak with family members or friends.
-
The requirement to honor a patient's request to opt-out of the facility directory.
-
The requirement to distribute a notice of privacy practices.
-
The patient's right to request privacy restrictions.
-
The patient's right to request confidential communications.
Healthcare providers must apply for this waiver, though turnaround time is quick. Providers can learn more and apply at the dedicated CMS webpage.
In many cases, the easing of restrictions has enhanced the speed of communication between patients and their providers. Some of which may be happening via non-HIPAA compliant software for the time-being. With that being said, the question remains - is this a sustainable process when considering the security of personal health information (PHI)?
It's time to adopt secure cloud-based communication solutions
Whether you have utilized a form of secure cloud-based communications in your healthcare setting in the past or not, there is no better time to begin looking into one or building out a current system. Much of the technology your practice would use can be done in the cloud, including:
- Telephone
- Text and instant messaging
- Video conferencing
- Collaboration and file sharing
Why should you consider hosting these services in the cloud?
Looking at phone services in specific, Voip Review states that utilizing the cloud will provide several security benefits, including data encryption, network security, secure voice and video, HIPAA-compliance measures, and more.
Benefits to cloud-based communications are wide-spread, though it is well-known for its quick and safe transmission of critical information. For example, being able to text patient results with less worry of potentially compromised data. Other benefits include:
- Quick & efficient communication: Doctors, office staff and patients can communicate vital (and sensitive) information seamlessly and securely between all authorized users thanks to HIPAA compliant software. Information can include:
- X-Rays
- Treatment schedules
- Follow-up appointments
- Prescriptions
- Clinical notes
- Avoid stiff penalties: Hospitals are known to use encrypted instant messaging systems to efficiently pass along information to other departments and patients. This HIPAA compliant software ensures that information does not end up in the wrong hands. If it does, an organization can face hefty fines of up to $50,000 per each violation.
- Reduce no-shows: A recent study found that medical appointment no-shows are costing the U.S. healthcare system approximately $150 billion a year and individual physicians an average of $200 per unused time slot. Being able to communicate with your patients frequently and more securely (including new forms of appointment reminders) can result in better attendance and more profits for a healthcare organization's bottom line.
How to get started on a mobile communications strategy
It may be easy for some practitioners to get "comfortable" with the relaxed HIPAA compliance measures adopted during the Covid-19 pandemic. Whether measures are still relaxed or back to normal, every healthcare organization should develop its very own mobile communications strategy. This will not only protect a practitioner and his or her organization from hefty penalties, but it will also protect patient data loss, all while promoting efficient care.
MedCity News has laid out a few key areas of consideration when building out a new mobile communications strategy or revising a current one. They include the following sub-categories:
- Patient data protection policies
- Documentation and archiving requirements
- Acceptable use policies
- Patient responsiveness policies
- Security controls on the device
- Company rights for altering the device, such as remote wiping for lost and stolen devices
How can Giva help?
While exponentially scaling, how can telehealth and telemedicine providers assist patients using their platforms? Patients and healthcare providers may encounter technical problems with videoconferencing, appointment setting, insurance eligibility, billing, and e-prescribing. Also, rapid and successful patient onboarding may require non-medical personnel working with patients.
Giva has a strong focus on telehealth and we can help you get up and running on a Patient and Healthcare Provider Service Center Portal to increase satisfaction, speed issue resolution, and decrease costs. Sign up for a no-obligation 30-day trial of Giva.