Simple healthcare communications promotes HIPAA compliance

When it comes to the sensitive data stored and transmitted within healthcare organizations, complying with the guidelines set out by HIPAA can promote the safety of information as well as the avoidance of fines and potential legal action. However, if the technology is overly complicated or the compliance rules require excessive steps for compliance then HIPAA-compliance is an unfortunate afterthought. There is a dire need for simple healthcare communications that can easily be rolled out.

The lack of simplicity of much of the technology in healthcare is due to the rapid digitization of technology. With the relative speed of digitization comes unintended consequences, including unfriendly user interfaces that stymie and frustrate physicians accustomed to comparatively intuitive smartphones and tablets. Technologies that are meant to encourage HIPAA compliance instead do the opposite.

Complexity leads practitioners to choose easier to use devices like tablets or smartphones, often referred to as BYOD. The risk of an unauthorized disclosure of ePHI from a personal mobile device is also significant. Many hospitals and practices allow “Bring Your Own Device” (BYOD) policies because of the convenience it affords. However, this can also all too easily lead to unauthorized disclosures of ePHI such as:

• The mobile device is misplaced or stolen, allowing unauthorized third parties to access ePHI
• The mobile device is left viewable, enabling an unauthorized third party to have access
• An unauthorized individual “hacks” into the mobile device’s database or accesses ePHI through an insecure channel of communication
• The mobile device is traded in without first securely and permanently wiping the data

Given these points, it’s easy to see how BYOD can become a significant source of HIPAA violations. It’s simplicity which practitioners are craving. However, BYOD often leads to HIPAA non-compliance.

Simple healthcare communications – WHAT EASE OF USE ENTAILS

Simply put, if technologies are easy to use then they are more likely to be adopted and embraced. As such, CIOs and CISOs should embrace ease of use as a way to ensure increased adoption of HIPAA-compliant technologies. So what HIPAA compliant components need to be ensured to avoid HIPAA violations?

• AUDIT CONTROL
  Knowing that BYOD devices can be on the network at any given time means that security officials need to have audit controls to ensure that only those with approved access are able to access privileged information. As one source noted, by using audit logs officials will be able to increase HIPAA compliance and track devices to more nimbly respond to device theft. Plus, IT will know when unauthorized devices are attempting to sign on.
• ENCRYPTION
  Data at rest encryption is just the single biggest thing that any healthcare organization can do to help prevent breaches and ensure compliance with HIPAA. On both mobile devices and laptops, encryption needs to be included.
• REMOTE WIPE
  The majority of data breaches are the result of theft of mobile devices . This finding highlights the importance of securing mobile devices with protected health information (PHI) and educating staff on proper protocol when using cell phones and tablets. The most effective protocol would be to tell authorities at the hospital or clinic and have them remotely wipe the ePHI from the device
• TRAINING
  One of the major causes of security violations in healthcare is human error. To combat this fact, hospitals need to ensure they provide training and education for their employees. Education needs to look at
  • How practitioners can do to ensure HIPAA compliance
  • What steps to follow if devices are lost or stolen
  • How to ensure the security of communications when using mobile devices.
  In essence, technical safeguards and training are crucial for anyone who handles patient data. Furthermore, by ensuring that BYOD embraces these steps, hospitals and clinics will improve their compliance with HIPAA mandates and statutes.

Simple healthcare communications – SECURE MESSAGING AND HIPAA COMPLIANCE

Secure texting is a key and recommended layer of security. Healthcare organizations such as hospitals and clinics need to provide and exchange information in a hectic and chaotic environment. Communications must be transmitted quickly and without delay. In the service of speed, security is sacrificed. If the messages that practitioners are exchanging includes ePHI, then HIPAA is also sacrificed.

When private patient information is sent over standard and unsecured carrier short message services (SMS), serious vulnerabilities can arise. However, the adoption of secure texting systems can, “mitigate many, if not all, of the logistical and compliance problems that traditional phone communications and default smartphone SMS texting pose to healthcare organizations.”
Being able to communicate securely should be just as important as communicating quickly, particularly when it comes to healthcare institutions.

To learn more about how the ease of use of a technology can promote HIPAA compliance read our whitepaper