Description:-

This session will discuss the differences between professional communications and patient communications, and how they must be treated to best serve patients, most efficiently enable communications, and remain within the bounds of HIPAA compliance when using new technologies like texting and mobile devices.

As we move into the new digital age, texting is often the preferred, or sometimes the best way of communicating.  Doctors and medical offices are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.  Communicating with patients’ cell phones via texting or voice call for purposes of payment and even for providing healthcare information requires consent, and using texting for official purposes still remains outside the bounds of physician orders.  These issues must be considered when evaluating the use of texting and e-mail for all kinds of communications.

In order to integrate the use of texting into your communications, it is essential to perform the proper steps in an information security compliance process to evaluate and address the risks of using the technology.  This session will describe the information security compliance process, how it works, and how it can help you decide how to integrate e-mail and texting into your organization in a compliant way.  There has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using texting is no exception.

Areas Covered in the Session:-

• Find out the ways that patients want to use their texting and mobile devices to communicate with providers, and the ways providers want to use texting and mobile devices to enable better patient care.
• Learn what are the risks of using texting and mobile devices, what can go wrong, and what can result when it does.
• Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI.
• Learn how to use an information security management process to evaluate risks and make decisions about how best to protect PHI and meet patient needs and desires.
• Find out what policies and procedures you should have in place for dealing with texting and mobile devices, as well as any new technology.
• Learn about the training and education that must take place to ensure your staff use texting and mobile devices properly and do not risk exposure of PHI.
• Find out the steps that must be followed in the event of a breach of PHI.
• Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit.

Background:-

Communications in healthcare is an increasingly complex issue. Mobile devices such as tablets and smart phones are becoming key technologies in providing healthcare services.  The use of texting is an issue of current interest as staff begin to adopt the technologies they are already used to, for use in the healthcare setting.  It is essential to consider communications appropriately for business purposes that may or may not contain Protected Health Information.  

Violations are subject to enforcement that can include fines up to $50,000 per day and more, and years-long corrective action plans that can cost many times the financial settlement with HHS.  Enforcement is no longer in the slap-on-the-wrist days; violations do bring significant penalties today.

Why Should You Attend?

With the advent of these new technologies and increased desires to use mobile devices and texting, and with increases in audits and enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the communication needs and desires of its providers, staff, and patients.  You need the proper privacy protections for health information, including documented policies and procedures on which your staff has been trained, as well as documentation of any actions taken pursuant to those policies and procedures. 

The stakes are high – any improper exposure of PHI against the rules may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services, at great cost and with the potential to bring fines and other enforcement actions if a violation of rules is involved.  Important guidance from the National Institute of Standards and Technology in their Special Publication 1800-1 will be presented.

In addition to HIPAA, there are impacts of the Telecommunications Protection Act of 1991 (TCPA) that limit the use of cell phones for payment and healthcare purposes unless consent is obtained, and there have been recent actions by The Joint Commission (TJC) to approve and then withdraw approval of using secure texting for physician orders, as well as guidance from CMS on the topic, requiring secure communications within the care team and prohibiting texting for orders.

The session will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for healthcare communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction.  In addition, the session will discuss how to be prepared for the eventuality that there is a breach, so that compliance can be assured.

Who Will Benefit?

Compliance Manager, HIPAA Privacy Officer, HIPAA Security Officer, CEO, Office Manager, HR Director, Privacy Officer, CIO, Records Release Manager, HIM Manager, Counsel