March 2017

Hip about HIPAA

Dr. Robertson, now retired, was my dentist. He ran a modern dental practice. It was both hip and fun. First, the fun: he always made me laugh. Sometimes, he had to stop the procedure because I was laughing so hard. He remembered details about my life, and so did his staff. Shannon, his dental hygienist, always encouraged my progress. How did they remember those details? Was it note taking, a great memory or a HIPAA compliant communications and patient relationship management system? I don’t know. But I always recommended Shannon and Dr. Robertson and his staff because they were excellent in all the ways that mattered. I left their office with a problem solved, a brighter smile and a lighter step. That’s the human “technology” of a great experience.

What’s hip is that they also used technology to set my appointments. The office sent emails to remind me of my upcoming appointments, and a few years later, based on my preference, switched to text reminders. Sometimes I got texts asking if I’d like an earlier appointment as they had an unexpected opening. And because Dr. Robertson knew I marketed cool technology he would ask me my thoughts about xyz software or technology tools he used. Thanks Dr. Robertson for being great.

Today the modern dental office uses digital patient relationship management (PRM) and HIPAA compliant communication platforms to help their practices run more efficiently.  These systems save money, help staff fill empty seats, send appointment reminders to patients and more. Doctors can make calls from anywhere to their staff on their smartphones to relay patient information. Office managers can automate messages, send funny and informative texts and capture ways patients best engage. But all those digital resources must meet security standards to protect sensitive patient health information.

Meeting those security standards and HIPAA compliance is not complicated. The best technology providers ensure their systems meet regulatory requirements. Janice Janssen, a member of the Academy of Dental Management Consultants (ADMC), offers the following recommendations in her article: Tips for staying ‘hip’ with HIPAA regulations for dental practices:

Create practice HIPAA compliance and security breach policies

Well thought out, written plans are needed to ensure that your practice stays in compliance. Your HIPAA compliance policy should clearly state the responsibilities of your office and each staff member in protecting your patients’ private health information. The policy should clearly outline how your office handles and remediates various kinds of security breaches.

Have a HIPAA privacy officer

The HIPAA Privacy Rule requires certain safeguards to best protect the privacy of your patients’ health information. One safeguard is giving someone the responsibility of overseeing and applying these rules. Large offices may want to hire someone to have this sole responsibility. If you have a small office with a limited budget, then you as the dentist or your office manager can assume this role. Whoever is assigned this job needs to be reliable and organized as well as fully trained on HIPAA laws.

Educate your staff on HIPAA laws

For your practice to stay HIPAA compliant, each employee must know what’s required of them to be compliant. Have your HIPAA privacy officer hold team trainings where employees sign a written agreement that states they’ve fulfilled the required training. Employees can help prevent HIPAA violations and keep the office compliant when they’re educated on what the HIPAA laws are and the consequences of being non-compliant.

Perform regular risk assessments

Security risk analysis is a critical part of maintaining HIPAA compliancy. This helps identify security vulnerabilities in your office and lets you know what actions you need to take to correct and prevent these security violations. Although you can perform these risk assessments on your own, oftentimes it’s more effective when performed by an outside expert, such as Janssen or with the help of HIPAA compliance software.

Use a HIPAA compliant communication system

Ask your technology vendor to provide a HIPAA compliance business associate certificate. If they don’t know what you are talking about, you probably want to try another technology solution with the HIPAA expertise to answer your questions.

RingRx is a phone and patient-staff communication system that’s built specifically for doctors, therapists and providers of health services. RingRx delivers the quality, the value and the simplicity you desire and the security and compliance you need. To learn more, visit our website at www.ringrx.com or call 1-888-980-6860 to speak with RingRx HIPAA compliance certified customer service managers.

 

An App for HIPAA Compliant Communications

Now There’s an App for HIPAA Compliant Communications 

Mobile devices like handheld tablets and smartphones with apps for HIPAA compliant communications allow doctors unparalleled flexibility.  But along with the convenience and new uses of photographic and data transmission of patient health information (PHI), every provider must be aware of the legal implications of using these technologies. Now, there’s an app for HIPAA Compliant Communications. Here’s why it’s important.

In an informative article from the Advisory Board, Stacy Cook of Barnes & Thornburg LLP discusses how doctors and therapists can maintain HIPAA compliance as the usage of mobile devices increases among staff and patients. “Mobile devices are not mere cell phones. People often forget that mobile devices are essentially handheld computers where one can easily access and transmit PHI.

For instance, mobile device users transmitting and receiving PHI via public Wi-Fi or email applications on mobile devices are using unsecure mobile networks. This puts PHI at risk of interception. Most mobile devices can take and store photographs, which can be a compliance concern if the pictures violate their privacy. Also, with any mobile device that is relatively small in size, providers must be concerned about misplacement and/or theft resulting in the unintended loss of PHI.

Mobile devices also pose unique storage challenges for providers. This is because individual users can dictate where information is stored. Cloud storage is popular among mobile device users, and users storing PHI in clouds may be putting the cloud provider at risk if a HIPAA business associate agreement is not signed.

To minimize PHI storage liability, most providers now require cloud storage capabilities to be turned off on company-issued mobile devices. However, the major challenge is still managing employees’ and business associates’ personal mobile devices.”

Use a HIPAA Compliant App for PHI Communications

Providers should know that the majority of health-related apps are not HIPAA compliant. Fitness-related apps do not need to be HIPAA compliant. But apps that deal with PHI and/or allow providers and patients to communicate with each other must meet the regulatory standard for HIPAA compliance. Ask for credentials and business agreement certifications. Ensure an app supports a HIPAA compliant phone and communication system. Best of all, a bundled communication system allows clinicians to choose from a variety of HIPAA-compliant mediums to safely discuss and/or share PHI. It needs to easily integrate with popular office software and EHR systems.

Risk Management Steps

“Providers should develop policies and procedures outlining mobile device usage standards,” states Cook.  “Policies should state whether or not personal mobile device usage is allowed and if so, the usage parameters should be clearly defined. Providers should also be clear as to which party is responsible for security and encrypting the mobile devices. Once mobile device policies are in place, providers should perform periodic audits to ensure that compliance is upheld.”

In Case of a Breach

Cook writes, “Under HIPAA, if the organization is a covered entity (CE) and a breach occurs, then each patient whose PHI was compromised needs to be notified.

Providers should have written policies and procedures in place. They should outline how to investigate a breach and actionable steps to prevent future breaches. Providers must report breaches involving 500 patients or more to the Office of Civil Rights (OCR) at the same time as the patient notifications. For breaches affecting under 500 individuals, providers can submit an annual report to OCR due February of the succeeding year.

Risks of HIPAA Non-compliance?

Under HIPAA, providers can face financial penalties for PHI breaches. The sanctions for enforcement cases range from $100-50,000 per violation with a cap of $1.5 million per calendar year.  Sometimes settlements in excess of this cap occur because the government determined that the violation occurred over a number of years.

A provider’s reputation can also diminish because in addition to reporting to patients and the OCR, CEs are required to report to the media in some situations.”

An App for HIPAA Compliant Communications

RingRx delivers a state-of-the-art HIPAA compliant communications system built specifically to help make doctors’ lives easier. And this includes an app for HIPAA compliant communications relayed on your smartphone. It’s convenient, secure and delivers high value.

To learn more about a HIPAA compliant system for doctors, dentists, therapists and clinicians, please visit www.RingRx.com.

RingRx: A Simpler, Better Communication System. One Platform. All Your Devices. HIPAA Compliant and MACRA Ready.

RingRx unifies all digital communication streams from your mobile device, business phone and fax—all into one easy to use dashboard. It simply increases efficiency, helps you improve flexibility, makes patient communications more meaningful with every interaction while reducing errors and cost.

To learn more, call our HIPAA compliance phone and communication system experts at 1-888-980-6860.

HIPAA-Like Protections Are Also In Place For Pets

HIPAA is a federal law that helps protect people and sensitive patient health information. But what about information about James Comet, the best dog in the planetary system and beyond, or what about Athena, the always sleek, elegant and sometimes incredibly sweet feline? Are HIPAA-like protections also in place for pets?

Barb Rand, HNI Compliance Advisor sums it up well: “Unlike people, pets are not protected by HIPAA, the law that guides medical privacy, because they are considered property and not persons (although there are many pet owners who would argue otherwise!) Like people, however, health information for pets and livestock collected at the vet also is protected by law. Thirty-five states have statutes that address the confidentiality of veterinary patient records. Check out this link to a summary of these privacy laws from the American Veterinary Medical Association.”

HIPAA-Like Protections Must Also Be In Place for Pets. RingRx can Help.

The ‘purrrfect’ phone system for a veterinarian should ideally:

  • Contain all the features of the best digital VoIP systems on the market which help save money
  • Be 100% HIPAA compliant
  • Free your hands to receive and organize patient calls without the need to hire new staff
  • Hide your personal phone number, even if you call from your smartphone
  • Be able to bypass caller ID block without revealing your private number
  • Organize error free, on-call schedules for multi-partner groups
  • Improve critical care and proactive patient communication
  • Store voicemails, faxes, and call recordings in state-of-the-art data centers
  • Manage all communications from a cell phone.

RingRx HIPAA Compliant phone system has bridged the real-world healthcare experience for people and pets with today’s latest technology. And that’s why Veterinarians are selecting RingRx.

RingRx works just like your existing phone – except you are now covered for compliance across all your devices. One platform. Lots of savings. RingRx is like having your office in your pocket whenever you want. The RingRx team brings over 20 years of experience in healthcare communications, telephone technology innovation, and call center management.

To learn more and get a free trial, please visit RingRx at www.ringrx.com or call us at 1-888-980-6860.

 
