When Bill Clinton enacted the Health Insurance Portability and Accountability Act— otherwise known as HIPAA-r—in 1996, the Internet was just taking off. People were starting to sign onto AOL to “surf the Web.” In 1996, just 20 million Americans had Internet access, which is about as many who subscribe to satellite radio today. In the more than 20 years since, technology has advanced rapidly, bringing with it new ways to share private healthcare data that often goes unchecked, despite the enactment of the HITECH Act in 2009 and the HIPAA Omnibus Final Rule in 2013. For perspective, HIPAA was enacted 10 years before the iPhone launched.
Technologies such as social networks, cloud file-sharing, mobile apps and text messaging have made it easier than ever for us to share information, updates, photos and files with our friends and family. And those same technologies have made their way into the workplace. While most healthcare organizations have strict policies around HIPAA compliance, the ease and convenience of some of these technologies can prove too tempting for some employees. According to the Health Research Institute, 81 percent of doctors are using a personal smartphone to communicate protected health information or access patient data.
If that statistic isn’t frightening enough, consider that between April, 2003 and January, 2013 the U.S. Department of Health and Human Services received 91,000 HIPAA violation complaints, where enforcement actions ranged from settlements and seven-figure fines, to referrals to the U.S. Department of Justice for criminal wrongdoing.
The knee-jerk reaction is often to try and stop employees from using personal devices at work, but the reality is that it’s an impossible rule to enforce. It’s better to look at the technology being used by employees and find a HIPAA compliant replacement that works just as well as the consumer version they’re using to get work done.
When you start evaluating your options, especially for communication apps, the choices can be overwhelming, expensive and sometimes risky. Moreover, large hospital systems and provider networks are often highly invested in legacy technology systems, and evaluating new communication apps can seem more like a distraction than an opportunity.
To keep things simple, here are three key areas to keep top of mind when considering a new HIPAA compliant communication app for your organization.
Reliability. You can’t afford downtime in the heat of the moment. Healthcare organizations rely on real-time information to triage emergencies, diagnose illness, order tests and prescribe treatment. There isn’t much room for downtime and it’s necessary to have partners who can guarantee reliability.
IT spending at large North American healthcare organizations was expected to increase to more than $34.5 billion in 2014, as more focus is put on new technology that helps drive process efficiencies as well as internal and patient communication. But as more processes are offloaded to software and systems, reliability and redundancy become even more important.
For example, healthcare mobile messaging apps help improve reliability in a few important ways. First, the messaging system itself is more reliable than systems that rely purely on Wi-Fi access because they can fall back to the cellular network when there’s an Internet outage. Second, they provide an additional communications system should there be an email or phone system outage, with available access to historic conversation and activity data. And finally, some enterprise messaging apps include the ability to send custom alerts to the entire company, specific departments or particular individuals in case any business-critical systems go down.
Efficiency. Provide exceptional care with faster patient intervention. According to the Ponemon Institute, more than 45 minutes are wasted each day on inefficient communication systems in the healthcare setting. That represents a cost burden to the U.S. healthcare system of more than $8.3 billion each year.
Additionally, it means that patients often have to wait longer to be treated by a doctor, diagnosed or receive the correct medication. Yet, HIPAA compliant mobile apps can have a dramatic impact on the speed of patient intervention. The Journal of Hospital Medicine recently reported that providers believe messaging apps are more efficient than paging and commercial cellular networks. This is because they are able to coordinate with colleagues faster, speeding up processes like patient intake and diagnosis.
The days of reliance on pagers and call-backs are nearing an end as secure messaging apps now give providers the ability to get much more done with a single device. Apps with file sharing, mobile alert capabilities, video and image streaming, task management, and integrations with online electronic medical record tools are much more effective at keeping medical teams aligned than single purpose tools.
Accessibility. Reference information when you need it, from anywhere.
According to the Institute for Healthcare Communication, a clinician may conduct as many as 150,000 patient interviews during a typical career. That’s a lot of faces and information for one person to remember and document. Diagnotes found that when patient information was received through an answering service in an on-call situation, 95 percent of those patient encounters were never documented in any medical record.
Those statistics are not surprising given the number of interactions that might occur on any given day let alone over the lifetime of a career. Yet, while the number of patients and incidents continue to grow, communication tools are helping shape a more accessible future for healthcare.
Walkie talkies, pagers and provider-owned phones can’t securely document and store referenceable information. Instead, look for apps that can offer secure, instant access to documents, records, images and resources, so there’s no need to switch apps (or context) to access and share critical information regardless of location.
Finally, once you have a shortlist of HIPAA compliant mobile app vendors you are evaluating, make sure you get a signed Business Associate Agreement. All U.S. based healthcare Covered Entities are now required by law to obtain a signed BAA from any Business Associate that receives, maintains or transmits Protected Health Information on their behalf. This document demonstrates an ongoing investment in enterprise security, compliance and control on the part of the vendor, and protects you against any potential liability in a breach.
About the Author: Jim Patterson is the founder and CEO of Cotap. He has been a passionate entrepreneur for more than a decade, founding two companies of his own and serving as a founding member and chief product officer of enterprise social network Yammer, which was acquired by Microsoft in 2012 for $1.2 billion.
Edited by
Dominick Sorrentino
