What A HIPAA-Compliant Medical Call Service Will Not Do
If you are a healthcare industry professional, you know the importance of safeguarding your patients' health information. A medical call or answering service that handles protected health information (PHI) on behalf of a covered entity is a business associate under HIPAA and must comply with the Privacy and Security Rules; compliance is a legal obligation, not just a way to be recognized as a trustworthy provider. A HIPAA violation can lead to civil penalties and loss of reputation. You may want to check whether you are HIPAA-compliant, and there are simple ways to find out.
There are certain things that a HIPAA-compliant medical call service will not do, and if you are doing them, you are violating the provisions of the Act.
- Using an alpha pager to send patient health information: Alpha (text) paging is not a secure way to send your patients' information. Pager messages are broadcast over the air in the clear, with no encryption, so anyone with an inexpensive radio receiver in range can read them. The pager itself has no password or PIN, so anyone who picks it up can read every stored message. If your pager is lost or stolen, the stored messages are exposed and you will be dealing with a breach of unsecured PHI. Unlike phones, traditional pagers have no remote-wipe capability, so a lost pager cannot be cleaned up after the fact.
- Using a mobile phone to send text messages: Standard SMS is not end-to-end encrypted. Messages are stored in plaintext on both handsets and pass through the carrier's network, so anyone who can access the device, the carrier's systems or the radio link can read confidential patient information sent this way. Criminals have set up fake cell towers (IMSI catchers) to intercept mobile traffic. A phone can be protected by a passcode, but message previews may still appear on the lock screen. HIPAA's Security Rule (reinforced by HITECH) requires healthcare professionals and answering services to safeguard electronic PHI in transit; in practice that means a secure messaging application with encryption, authentication and remote wipe rather than native SMS.
- Sending patient information through unsecured email: When you send your patients' information via email, make sure the message is encrypted. Standard email travels between mail servers in plaintext unless the servers negotiate TLS, so a message can be read or altered in transit, and the sender, recipient and subject line are exposed along with the body. At a minimum, configure your email servers to support TLS, which protects each hop against a passive eavesdropper and, when certificates are verified, against an active attacker who tries to tamper with the connection. Note that opportunistic STARTTLS can be stripped by an active attacker unless it is enforced (for example with MTA-STS or DANE), and that TLS protects only the connection, not the message once it sits in a mailbox. For end-to-end protection, use S/MIME, which requires obtaining a public/private key certificate from a certificate authority for each sender.
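The practical first check for the email point above is whether your mail server actually advertises STARTTLS in its EHLO reply, since a server that never offers it will relay PHI in plaintext no matter what the client wants. The following Python is an added example written for this page, not code from the original article or from any answering-service vendor. The EHLO replies embedded in it are constructed samples, `mail.example.test` is a placeholder host, and the live probe at the end is an extra convenience that needs network access.

```python
"""Check whether an SMTP server advertises STARTTLS (added example)."""
import smtplib
import ssl
import sys

# Constructed EHLO replies in the form a server sends after the client's
# EHLO command (RFC 5321).  They are samples for this example, not
# captures from any real server.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo_capabilities(reply: str) -> set[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    Every line starts with '250', followed by '-' on continuation lines
    and ' ' on the last line.  The first line is the server greeting; each
    later line carries one extension keyword, optionally with parameters
    (e.g. 'SIZE 35882577').
    """
    caps: set[str] = set()
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    for index, line in enumerate(lines):
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue  # greeting line, not a capability
        body = line[4:] if len(line) > 4 else ""
        keyword = body.split(" ", 1)[0]
        if keyword:
            caps.add(keyword.upper())
    return caps


def starttls_offered(reply: str) -> bool:
    """True if the EHLO reply lists STARTTLS among the server's extensions."""
    return "STARTTLS" in parse_ehlo_capabilities(reply)


def probe_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check of a real server (needs network; not exercised offline).

    Connects, reads the EHLO reply, and if STARTTLS is offered upgrades the
    connection with certificate and hostname verification, then reports the
    negotiated TLS version and cipher.
    """
    context = ssl.create_default_context()  # verifies cert chain and hostname
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"host": host, "starttls": False}
        smtp.starttls(context=context)
        smtp.ehlo()  # RFC 3207: re-issue EHLO once the channel is encrypted
        return {
            "host": host,
            "starttls": True,
            "tls_version": smtp.sock.version(),
            "cipher": smtp.sock.cipher()[0],
        }


if __name__ == "__main__":
    # Usage: python check_starttls.py mail.example.test
    print(probe_starttls(sys.argv[1]))
```

A server that returns `starttls: False` here will accept PHI over an unencrypted channel, which is the case the bullet above warns about. A `True` result only tells you encryption is offered on that hop; whether it is required, and whether the certificate would be accepted by a sending server, are separate questions that an MTA-STS or DANE policy answers.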
HIPAA violations can lead to civil penalties of up to $1.5 million per year for repeated violations of the same provision (the statutory cap set by HITECH, adjusted for inflation since). If you think you have HIPAA compliance issues, check with specialists who can guide you on appropriate technology as well as on the working practices that go with it.