For years, cloud-based healthcare vendors had tried to avail their organizations to the conduit exception to HIPAA. Broadly speaking, the conduit rule exempts entities from complying with HIPAA if they only transmit and do not access PHI (usually on behalf of a Covered Entity). In the buildup to the Omnibus Rule, PHR vendors, data storage companies, and other cloud-based providers lobbied HHS to broaden the scope of the conduit exception.
Communication in a medical practice is essential to the patient care, patient satisfaction and productivity of the healthcare personnel. Within all healthcare environments, there should be an active communication between all personnel, not just between physicians. Communication starts at the front desk. Throughout the course of an average workday, the front office staff must schedule a wide array of appointments and medical procedures.
With just over two weeks until the Sept 23rd HIPAA Omnibus deadline, as the CIO of healthcare provider facility you’ve come to discover that a number of your physician and nurse providers have been communicating with one another over standard text message, exchanging information in a HIPAA noncompliant manner.
In what is believed to be one of the larger HIPAA breach settlements in recent memory, health insurer WellPoint has agreed to settle with HHS for $1.7M stemming from a 2009 and 2010 incident where WellPoint impermissibly disclosed the ePHI of over 600,000 individuals through an unsecured online application. During its investigation, OCR found that WellPoint had not enacted the appropriate administrative, technical, and physical safeguards mandated under HIPAA.
As regular readers of the qliqSOFT blog are now aware, the HIPAA Omnibus changes have been in effect for just over two weeks. In the wake of the September 23 compliance deadline, HIPAA compliance should be on the minds of most covered entities even more than usual, and rightfully so – HIPAA data breaches not only sacrifice the trust you’ve established with your patients, but also they’re extraordinarily expensive.
One week. That’s all that remains between now and September 23rd, the date at which the HIPAA Omnibus regulations go into effect. Covered entities under the law should have already completed most of the long-term compliance work under regulations – e.g., updating their Business Associate Agreements, revising their Notices of Privacy. Practices, completing a detailed risk assessment – but the biggest change that goes into effect in seven days is the shift in a presumption in what constitutes a breach.
Your hospital system or eligible provider’s office doesn’t supply mobile devices to its staff or pay for technology solutions like standard mobile data and SMS texting services. So, you don’t have to worry about mobile when creating your HIPAA Risk Assessment, right? You couldn’t be more wrong. Just because you are not providing your staff and physicians with mobile applications doesn’t mean they aren’t using them to transmit and store PHI. And the fact that these systems are NOT directly under your Health IT staff’s control makes them MORE of a risk for a breach – and more necessary to include in your Risk Assessment.
There is high demand amongst healthcare providers to use text messaging as a fast, convenient way to communicate and collaborate with colleagues. With a service area spanning more than 20,000 square miles, Community Hospice of Texas was one of the thousands of organizations feeling that need.
Bridge the communication gap in healthcare with Qliq secure messaging and OnCall Scheduling. Instantly message, view schedules, and more. Watch the demo video now!
Over the last 4 months I have given close to 200 demos of our secure messaging application, qliqConnect, to a variety of organizations, ranging from solo practices to large health systems... and just about everything in between. While our primary objective is to help healthcare professionals communicate securely and efficiently, there is no denying that the “SMS problem” is at the forefront of the compliance consciousness.
I have been involved in security and communication for long enough to recognize some inherent challenges associated with a secure text messaging app for smartphones. Let me start off with the three primary considerations - reliable, timely delivery, security, and usability. Reliability and timely delivery of message delivery are the most important of all.
Given what many called a banner year in healthcare data breaches, many industry professionals were happy to bid 2013 adieu. From the massive Advocate data breach to the Affinity Health Plan photocopier breach, healthcare executives finally had to face the music and tighten information security controls in a post-HIPAA/HITECH Omnibus world. Perhaps the ultimate wake-up call was delivered with the unprecedented Target data breach from late in the year. Now pressured by a better-informed public, lawmakers are starting to address the concerns of living in a un-secure data era.
Subscribe to get notified when new articles are published.
