According to the Health Research Institute, more than 80 percent of healthcare professionals are accessing protected health information using their mobile devices. Of course, there is no guarantee that access is secure. Unless these professionals take specific precautions, they may be violating the Health Information Technology for Economic and Clinical Health (HITECH) Act without even knowing it.
What is the HITECH Act?
The HITECH Act was originally signed into law in 2009, as part of the American Recovery and Reinvestment Act. Subtitle D of the HITECH Act addresses privacy and security concerns associated with transmitting patient data electronically.
In essence, it extends the application of HIPAA enforcement to communications like texts, emails and alpha pager transmissions. Because these transmissions aren’t considered secure forms of communication, sending any HIPAA-regulated information using them is a breach of HIPAA privacy laws, even if you don’t show that information to anyone else.
For this and other reasons, it’s important to team with medical answering services that know the law and can provide you with secure means of retrieving digital messages from and about your patients. Simply sending an email or a text isn’t considered HITECH-compliant, so that data must be encrypted and presented in a secure way.
Basic HITECH Requirements
Here are just a few things to keep in mind about HITECH compliance:
Email security can’t be guaranteed. Medical answering services should never send patient information via standard email because it’s difficult to ensure that the connection is secure on both sides of the communication. However, secure web portals that send notifications for a medical professional to log in can be a good solution for instant access without violating HITECH.
Text messages are not secure. Currently, text message carriers are not secure enough to pass PHI (Protected Health Information) to the message recipient. As with email, however, a notification to log into a secure portal can be sent via text messaging to protect patient data.
Saving patient data inside a mobile device is a violation. Many programs ask you to store data inside your device during use, but if your medical answering service app is asking for this accommodation, you may be in violation of HITECH. Even though you believe your device is a safe place for data, HIPAA regulators disagree. If someone on the street were to find your device, they might be able to access PHI. Before you hire a medical answering service, make sure it is aware of what these laws entail and require.
HITECH compliance can be intimidating, but it’s not difficult to achieve with an experienced medical answering service by your side. Before you choose your next telephone answering service partner, ask detailed questions about how they handle patient data and their plans for remaining both HIPAA- and HITECH-compliant.