Author: treyes

THE VOIP HIPAA DILEMMA

For about the last 30 years traditional phone systems have been the standard for most medical practices.  These were bulky systems that had tape drives!  Remember those? But they have evolved into the digital world with messages being texted right to our smartphones.  During this time these messages changed from analog to digital.

This has been a good change for many. Information in digital form does have its advantages.  For medical practices making this switch to VoIP, they now have to consider that their voicemails are now electronic and if they contain PHI they now fall into the category of ePHI and must be protected under HIPAA law.  There is no need to worry about this with RingRx.  We can help!

More About VoIP Systems

These systems provide two main functions:

  1. The transmission of a message (a phone call)
  2. The storage of that message (voicemail)

Because voicemails are stored on cloud-based servers they require HIPAA compliance, contrary to the belief of many.  You can read more about this here in this great article:

http://www.mgma.com/healthcare-consulting/hot-topics/consulting-articles/hipaa-and-voice-over-internet-protocol

This fact has practices like yours mitigating their risks by upgrading to a VoIP system.  This can not only protect your practice when done in combination with the implementation of BAA’s, which RingRx can also provide, but it can save you hundreds on your current phone bill!

FCC CONFIRMS RULES REGARDING HIPAA AND PATIENT TELEPHONE CALLS

The Federal Communication Commission issued a Declaratory Ruling and Order to clarify the rules regarding HIPAA and Patient Telephone Calls.

Are you among the many health care providers that have had trouble understanding these rules and how they comply with the Telephone Consumer Protection Act?   It has been more than 19 and 25 years since these acts were introduced; the FCC did issue a Declaratory Ruling and Order to help clear this up.

This ruling states that, if a patient provides a phone number to a health care provider, the provision of that phone number constitutes express consent to calls being made to that number, subject to certain HIPAA restrictions.  This consent applies to calls related to:  The provision of medical treatment, health care checkups, appointment and reminders. Lab test results, pre-operative instructions, post discharge follow up calls, prescription notifications and hospital pre-registration instructions.  You must also always provide your name and contact details as the health care provider.  It is also recommended to keep calls concise and limited to more than 60 seconds.  There is also a limit to the frequency of calls made to a patient with a maximum of 3 calls per week.  The content is still subject to HIPAA restrictions and can only be made for those purposed described above.  There can be no telemarketing, advertising or solicitation.

For more details on this ruling you can visit the FCC’s website: https://www.fcc.gov/document/tcpa-omnibus-declaratory-ruling-and-order

RingRx can also help.  We have designed a business phone system to help you stay HIPAA compliant by using professional grade encryption to keep your patient’s ePHI safe.

How HIPAA Effects the EMR

As part of Obamacare, healthcare organizations were required to implement an electronic medical record (EMR).  One main concern for healthcare providers and patients is the potential violation of the Health Insurance Portability and Accountability Act (HIPAA).  HIPAA requires the Secretary of the US Department of Health and Human Services (HHS) to regulate and protect the privacy of all American patients.  Additionally, HIPAA regulations further incorporated technical and non-technical safeguards to include the use of the EMR.  More and more physicians are using the EMR for ordering labs, pharmaceutical drugs, and also for all of their patient note taking.  These new entities are making healthcare accessibility mobile and adding on relative risks.  Under HIPAA Security Rule patient’s private health information is protected while allowing healthcare providers to adopt new technologies to improve patient care.  Physicians, nurses, and medical students use the EMR in various rooms of a clinic or a hospital, looking at the same patient, potentiating patient’s privacy rights being ignored.

The security of electronic protected health information (e-HPI) and electronic exchange are specifications of the Administrative Simplification of the HIPAA. These rules expand to the application of health plans, insurance, and transaction of medical records. Under the e-PHI, covered entities are required to:

  • Ensure confidentiality
  • Ensure integrity
  • Ensure accessibility of all e-HPI
    • The medical records of patients that are created, received, maintained, or transmitted.
  • Identify potential threats to security
  • Protect patients against potential threats to their security
  • Inform patients on the potential uses or misuses of the medical records
  • Ensure compliance in the workplace as defined by the government regulations.

Confidentiality is the foundation of all medical practices and should be upheld with integrity in all medical practices.  Improper uses or disclosure of medical records is a violation of HIPAA and healthcare in the United States.  Nonetheless, the consequences should not outweigh the benefits of the EMR in healthcare.  Each healthcare organization that implements the EMR should take their practice’s size, complexity, and capability while making their decision.  The technical portion should also not be overlooked, so the chosen software must be compatible to the organization’s limitations of use.

When an organization chooses to implement a form of EMR they should also be educated on the costs, infrastructure, and time it takes for the successful execution. Most importantly, the EMR must be flexible to accommodate the change in patient load and also be user-friendly.  Maintenance of the EMR is another significant component of implementation.  When the EMR is not working that may mean the patient’s charts are inaccessible, and to account for this the healthcare organization should have a back-up system or the capacity to also have paper charts.  In these scenarios, it is imperative there be a staff member who has exemplary background in the information technology (IT) component and the non-IT component of medical records.  Hence, administrative responsibilities will expand beyond quality care. Managerial positions have now expanded to the healthcare providers as much as those who held the title alone.  Patient medical records are the essential part of medicine that correlate to the aptitude of the medical care professional and the organization itself.  In efforts to not violate any patient privacy laws underlined by HIPAA and also ensuring the EMR is properly used is directly related to the further development of healthcare IT.

Ransomware: A New Global Issue for Health Care

In February of this year a cyber attack on multiple hospitals in multiple places around the globe took place. This was achieved using a software commonly known as ransomware.  Ransomware is a type of malware that is installed by hostile agents that prevents or limits users from accessing their own system.  After the infection, the agents of the malware notify the attacked parties that they will remove the malware only on payment of a ransom.  Hence the term “ransomware”.

This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back (patients data in the case of hospitals). The implications regarding HIPAA compliance are significant. 

Although ransomware is usually aimed at individuals, this incident makes it clear that businesses, including those in the healthcare field, can be threatened by these types of cyber attacks as well. The most widely knransomewareown case of a hospital being in the cross hairs involved Hollywood Presbyterian Medical Center, in Los Angeles. This resulted in the hospital paying about $17,000  to the attackers to unlock its data. Unfortunately, given the risk the hospital faced, they had little choice.

The ransomware attack in California was followed by one in Germany on February 11th, which was generated by an email. This time the hospital involved took a different course of action.

“The hospital said that it had complete backups, meaning that it could wipe and restore affected systems, and noted that all patient data was already encrypted, which forestalled any potential data loss. But as a precautionary measure, the hospital reportedly took all of its systems offline until they were fully restored, rescheduled 20 percent of its surgeries and shifted less-severe emergency care to neighboring hospitals” according to this article.

Of course this method is a fairly extreme measure, and many institutions may not have the same type of backup system that would permit such a restore. The fact that the hospital had all of their files properly encrypted was an obvious advantage.

Titus Regional Medical Center, which is located in Mount Pleasant, Texas was similarly targeted. Their data was forcibly encrypted by ransomware and they were unable to access it.  The resulting action taken by the facility is as of yet unknown.

Until recently the targets for ransomware were individuals. And while it may seem obvious in retrospect, the new developments concerning Hospitals caught some off guard. The change in focus to the hospitals is a change in tactic.

The article also explains the similarity of the infection tactic: “the attacks differ little from what’s previously been seen in the wild. Indeed, the mechanics of ransomware attacks are well-known, starting with attackers’ malware-distribution tactics, all the crypto-ransomware we encountered in 2015 was distributed either by drive-by-download attacks or by macro malware in spam emails.”

The recent ransomware encroachments on hospitals is a new development and of obvious concern to anyone working in the healthcare field. What started off as cyber attacks on individuals has now made the obvious leap to businesses, including reputable hospitals worldwide.  As they continue their efforts to target business, steps will be taken to avoid the damage done. But its a learning process, and as it’s a relatively new development sometimes it’s (unfortunately) easier to simply pay the price.

For more information on the recent ransomware incidents involving the hospitals mentioned in this blog please click on the link below.

http://www.healthcareinfosecurity.com/ransomware-hits-hospitals-a-8872

RingRx Office Phone Capabilities

At RingRx we realize that most companies with an interest in updating the way they manage their on call schedule are actually “window shopping” for a proper fit. There are of course some options available to you and your business. And the overriding desire is a need to progress beyond the old school way of managing these calls (the switch board operator being a common example).

In addition to offering a HIPAA compliant phone system, our services also include a mobile app, easy access to the on call schedule that you obiphone1022set up for your practice, and a physical phone system. The advanced office phones are what I’d like to touch on in this blog.

The phones that are offered as part of your service are the Obi1000 series, a technically advanced user friendly office phone with the best possible clarity available on the market. These are the actual physical phones for your office to be used by you and your staff. Of course these phones provide a seamless interface between our Cloudphone and user portal, making it easy to navigate and operate the system.

Here are some of the more exciting features that you get with an Obihai phone:

 

  • High-Definition ‘HD’ Voice Technology for Crystal-Clear Call Clarity – Service Dependent
  • OBiTALK Cloud Management and Service Configuration
  • Large Vivid Color Display – User Configured Themes and Multi-Dimensional Navigation
  • Full-Duplex Speakerphone with Built-In Class D Amplifier and Audio Equalizer
  • Dual Ethernet Ports with Power over Ethernet (PoE) Support – External 12v Power Supply Included

 

 

Communication in a HIPAA Environment

We live in a world where we are connected through technology like never before. Most of us can remember a time before the Internet and instant messaging. And those of us that can remember such a time (not so long ago) can appreciate how far we’ve come. From both a personal and a work standpoint the ability to communicate virtually instantaneously with each other regardless of distance is, for the most part, taken for granted these days, but is no less incredible.

However, in regards to the Health Care industry there are still some obstacles to overcome. Especially when considering the necessary compliance to HIPAA. For instance, a regular email is not encrypted and therefore not HIPAA compliant. Which is why a patients personal information is not included in an email, not if the Health Care professionals involved wish to avoid a possible fine for noncompliance.

Reencryptcent advances in encryption technology have taken place that enable safe, secure and most importantly HIPAA compliant emailing to take place. It is a technical service that allows patient information to be sent and received securely and legally. One such service called “Tiger Text” is making the goal of secure encrypted emailing a fact.

Tiger Text offers a system that operates the same way as SMSs or emails. If you are familiar with emails, then you will understand the basics of the HIPAA compliant system offered by them. You can add files/pictures and all the usual attachments that you are familiar with when sending a regular email.

The bonus of using a system like Tiger Text (the overall selling point really) is that compliance to HIPAA is regulated by the technology itself. There is nothing for the user to have to do personally to make it work. Which is naturally helpful to anyone who works in Health Care; with the millions of other things on your plate, worrying about properly encrypted emails should not be an added headache to your already busy day. This seems like a very useful technology and is the focus, in regards to HIPAA compliant messaging, for many hospitals and clinics both large an small.

The advantages of having your patient related emails HIPAA compliant are obvious. So this is definitely a service worth investigating. There are several companies that are providing this service and Tiger Text seems to be one well worth your consideration.  Click on the link provided below to learn more.

 

http://www.tigertext.com/hipaa-compliance-for-email/

 

A Game Plan for HIPAA

It’s not that surprising that Health Care providers and hospitals/clinics are sometimes in violation of breaking HIPAA compliance. However it is probably much more prevalent than people realize. The Health Insurance Portability and Accountability Act (HIPAA) has been around for over a decade, first being enforced in 2004.  And although it is referenced often and is in general principle understood by most people, including patients and Health Care professionals alike, it still is a time consuming and sometimes difficult practice to adhere to.

The unsettling news is that, regardless of size and influence, most medical establishments are at some point in danger of violating HIPAA compliance. Luckily there are more ways available to the Health Care field in recent years to make such deviations less likely. Most have to do with the encryption of patient information, proper training for employees and an overall understanding of the laws involved.

There are some hipaa imggggggbasic tools at your disposal when it comes to complying with these laws. It’s obvious that companies in the Heath Care field want to avoid costly fines and lengthy law suits, so most are instigating these practices.

First of all it’s important to have some workforce training. If the employees in your company are properly trained and HIPPA certified then it’s less likely your organization will be in violation. In addition it is extremely helpful to instigate annual refresher courses. This will help keep everyone up to date and mistakes in adherence will be less likely. It’s basically a way to reacquaint your staff with HIPAA guidelines.

As much as you as a Health Care professional plan ahead and study, in some cases it is almost unavoidable that an issue will arise. Therefore it is good practice to have some sort of contingency plan to help deal with instances where a possible violation has occurred.  You should have some sort incident response in place to deal with the possibility. Be ready to document and address the cause of these discrepancies, it’s an important process that will have you prepared for violations should they arise.

For more information on how you can best prepare yourself and your staff in regards to HIPAA compliance please follow this link.

How RingRx Uses New Technology to Advance On-Call Service

Do you need a better way to manage your incoming calls? More importantly does your practice suffer from problems with the way after hour acute calls are managed? The standard fall back has always been a live answering service. And for many years (since the beginning of time?) that has been the only option.

RingRx was founded to help take the inconsistencies out of the the traditional answering service. Designed to make getting your after hours/urgent calls in a user friendly, intuitive manner and to take away the problems that are inherent with any switchboard system. This is a matter of technology catching up with the need. And this is specifically why RingRx was created.

The unfortunate reality is that people make mistakes. Even the brightest among us are prone to error. Sometimes it’s a simply a matter of information being incorrectly recorded, for whatever reason. It could be as simple as the switchboard operator misunderstanding the caller. Other times it’s not knowing whether or not someone should be paged and there is some question about where the call falls in regards to the paging procedure. The bottom line is that there is too much guess work involved for a person and these discrepancies can take their toll. What inevitably ends up happening is that you end up adding more work hours onto your own day when you have to take calls that should have been held for the office.  If there were a seamless integration between the caller and the person on call then these issues would be diminished, even removed and erased all together.

RingRx offers an answer to these issues, and many others. For instance, think about the time and money that goes into having your calls routed by a traditional answering service. This is something that has been an inevitable consequence of the call center for years. There simply was no other option. But it isn’t exactly a “cheap” service. A system that can be integrated into DR PHONEEEEEEEEEEEyour phone and takes the place of the all-to-human element is beyond helpful, not to mention cost effective. It’s one of those easy decisions, like switching to a VoIP phone system. Not only is it a better service, it also saves you money.

Something unique to RingRx, and something of great value to medical professionals is our ability to encrypt patient information in a manner that avoids a HIPAA breach. RingRx makes use of an encryption technology, which by it’s very nature ensures that your messages are stored within the strict guidelines demanded by HIPAA. So it goes without saying that making sure your messages are HIPAA compliant is of the utmost importance to your practice. It isn’t something that you should have to worry about, and RingRx makes sure that you wont have to.

If you have a smartphone then you can have the convenience of RingRx on the go, anywhere. The App, that is downloadable for your phone, makes checking messages and responding to important time sensitive calls a breeze. It offers all the services provided by a traditional call center with none of the headaches. For those who want the most out of their smartphones this application is a bonus for the professional on the go.

The ability to check your messages at any time and to store them indefinitely is of course quite helpful. That way, at your own digression, you can prioritize your calls and decide how best you will respond. These features are exclusively available on the RingRx website. The time and energy spent sifting through improperly connected calls and having all of your messages stored safely and secure is an extremely satisfactory advantage to using RingRx.

The other end of the spectrum, the “meat and potatoes” as it were, is the obvious upgrade in patient care. If it’s going to make your life as a physician easier it most certainly will make the patients experience a better one as well. Just imagine a patient having to call, be put on hold, explain whats going on with themselves, and the waiting (hoping) that a doctor will soon speak with them, possibly. This process becomes streamlined with our service. There is no “middle man”. The automated call system will assist the caller in the most user friendly manner, making the experience for all intents and purposes a good one (considering the nature of the call, this cannot be overstated).

And for those people working in the Healthcare field the advantage of using RingRx in particular is the most beneficial. Indeed, no other call service approaches HIPAA compliance the way we do. The service most certainly fits the need. In addition RingRx comes with a free trial, so you can be sure it is the proper fit for your business. We also offer the most useful customer support available, we are available to answer any questions and help you in the application of our service. You only have so many hours in the day, you shouldn’t have to worry about your after hours calls and your paging service as well. Let us do that for you….

At the Crossroads

The company telephone is “growing up,” it was just a matter of time. If you want your phone to finish the transition from unruly adolescent to well mannered adult you need to switch to a VoIP system. It’s only natural.

The older systems (legacy systems) were designed to perform very specific tasks, with nothing built in to promote growth, no way to integrate new technological advances. In short, no way to evolve.

Companies nationwide (not to mention worldwide) are embracing VoIp systems and making the switch. This is not a trend, it’s a fact. And it’s not specific to only one type of company. The change to a VoIP system is something that’s being done by all types of businesses. From small self starters all the way up to the biggest corporations. From Health Care to Advertising. There are numerous advantages, not the least of which is cost effectiveness.

If you were wondericrossroads girlllllng when the right time to make the switch is, wait no longer. There has never been a better time, the pluses out weigh the negatives in every regard. So much so that there literally are no negatives.

Here are just a few of the advantages of using a VoIP system.

1. You can utilize emails, e-faxing, and even remote conferencing over the internet. This helps to promote increased mobility, the benefits of which can not be overstated.

2. It is easy to install and manage a VoIP system and requires little technical know how. In retrospect, making adjustments to older phone systems required adding separate cabling as well as additional wiring (a fire hazard). Not so with VoIP technology. It is all combined into one single network, making it easier to integrate and use.

3. Employee phone numbers can follow them wherever they go. This is extremely convenient for those people whose jobs take them out of the office.

4. The traditional call system features you are familiar with are available in hosted VoIP systems, including call holding, call transfer, conference calling, find me / follow me, and auto-attendant phone menus.

5. Cost effectiveness is one of the most obvious and important features of hosted VoIP phone systems. Legacy phone systems were expensive, very expensive. In addition, maintenance and repairs could be quite costly as well. But with VoIP systems, you save on the costs of installation and the calls themselves are considerably less expensive.

All of these points are reflected in the services provided by RingRx. Not only will your on-call and urgent calls be dealt with efficiently and professionally, the services supported by VoIP systems will also save you money. In addition, the ability to comply with HIPAA regulations is built into our phone systems and supported by VoIP technology, a unique service indeed. This all comes with very personalized customer support. At RingRx we value our clients overall experience. The technology employed is extremely user friendly, and our main goal is to make your life (the business side of it) easier.

Cloudy Conditions

Some things are glaringly obvious, like the advantages of storing information on cloud platforms. It’s a growing trend of reputable hospitals and healthcare facilities of nearly all sizes. According to the CSA (Cloud Security Alliance), cloud service providers are giving health care organizations the highest priority in regards to providing the most advanced security possible.

Of course the maincloudy condid thing here is encryption. All data, whether it is moving or at rest must be properly encrypted. Safe and secure, that’s what’s required, and as far as storing information on the cloud the importance of this is not neglected. In fact the majority of HIPAA breaches have nothing to do with a lack of security relating to cloud services. Rather it is most often a result of employee negligence. All the more reason to have your devices properly secured as well.

Storing confidential patient information on a cloud platform is not so much a choice, but rather the most secure and beneficial option available. It’s simply the next course of evolution in the business world. And the enhanced security that is integrated into the technology is as up to date as you can get. The heath care field is certainly taking full advantage of this.

http://www.ihealthbeat.org/insight/2015/health-care-is-increasingly-moving-to-the-cloud-but-how-does-security-stack-up

Download our whitepaper on
What a Phone Upgrade Should Look Like
Find out the shortcomings of "typical" solutions