OnPage Report: HIPAA compliant messaging
It took several years after the passage of HIPAA for institutions to realize that the exchange of PHI through devices like pagers represents a HIPAA violation like any other unsecured exchange. Healthcare now realizes that pagers not only put institutions in the position of potentially violating HIPAA statutes but also impede effective communications, lengthen hospital stays for patients and increase the expense of patient care. We recently covered the benefits of HIPAA-compliant messaging in a white paper, but the aim of this blog is to look into the definition of HIPAA-compliant messaging and to see how one can maintain it at a medical institution.
HIPAA compliant messaging – Definition
HIPAA-compliant messaging describes the exchange of text messages containing protected health information (PHI) of patients. Messages containing PHI must follow the mandates of the 1996, 2003 and 2013 HIPAA legislation passed by Congress, which requires:
- the upholding of patient privacy (Health Insurance Portability and Accountability Act of 1996)
- the use and disclosure of PHI by “covered entities” such as health insurers (2003 Privacy Rule)
- the increased scrutiny of encryption for PHI messages and the increased fines for noncompliance of up to $1.5 million (2013 Final Omnibus Rule)
Since 2013, HIPAA-compliant messaging has gained importance among healthcare providers, as legislation has spelled out the conditions under which it is possible to exchange PHI between healthcare professionals. Since that time, hospitals have increasingly realized that exchanging PHI via pagers risks a HIPAA violation and a significant fine. Additionally, patient information exchanged via pagers can be accessed by unauthorized third parties and used to defraud patients and their healthcare providers.
Today, healthcare institutions are moving to HIPAA-compliant messaging applications that provide secure messaging and uphold the mandates of HIPAA.
How do you maintain HIPAA-compliant messaging?
HIPAA-compliant messaging means that messages containing patient information, care instructions or any other relevant patient information must be both secure and encrypted. When hospitals and clinics introduce HIPAA-compliant messaging into their organization, they must maintain reasonable and appropriate administrative, technical and physical safeguards for protecting e-PHI. The Department of Health and Human Services states that organizations must do the following:
- Ensure the confidentiality, integrity, and availability of all electronic protected health information which is created, received, maintained or transmitted.
- Protect against any reasonably anticipated threats or hazards to the security or integrity of this information.
- Protect against any reasonably anticipated uses or disclosures of this information that are not permitted or required under subpart E of this part.
- Ensure compliance by users of the information.
OnPage: HIPAA compliant messaging for hospitals and clinics
- Our HIPAA compliant messaging service enables healthcare providers to communicate via encrypted and secure text communication with their employees as well as each other.
- Create and manage escalation policies
- OnPage intelligent alerts cut through the noise by bringing critical alerts to the forefront and continuing for up to 8 hours until acknowledged.
- Audit Trails allow you to track messages with SENT, DELIVERED and READ receipts.
- Every group gets its preferred on-call rotation, with on-call scheduling for multiple individuals without limitation to location.
- Add images and voice attachments to your text messages to convey more information, allowing for more informed decisions.
- Mute OnPage when you are off duty and do not want to receive alerts.
- Ability to remotely wipe sensitive patient information