Do you have questions about whether your health-related communications are HIPAA compliant? Failure to comply with the rules of the Health Insurance Portability and Accountability Act can have severe consequences, both in government penalties and in the loss of patient trust.
So it’s important to make sure your procedures and technology fulfill the requirements of this law. Here are some of the important things you’ll need to keep in mind.
Avoid Sharing Personal Information Unnecessarily
One of the easiest ways to stay in compliance is to ensure that you and your staff don’t share personal health information (PHI) unless you can verify the identity of the person you’re talking to. This is especially important when leaving messages because you were unable to reach the patient or an authorized representative. Make sure your staff knows not to leave any PHI on voicemail or send any through SMS. When onboarding new staff, consider providing scripts or checklists that spell out what they can share in a message and what they must avoid sharing.
Double-Check Contact Information
When contacting a patient or sending PHI through electronic means, double-check the contact information to prevent accidental disclosure of PHI to unauthorized recipients. One example is a physician’s office that accidentally disclosed a patient’s HIV status to the patient’s employer when it meant to send those health records to a new health care provider. Even small mistakes with PHI can have large effects on patients.
Create Device Policies That Ensure PHI Safety
When employees use mobile devices to share PHI, ensure that any PHI is removed from the device before the device is handed to another user. This policy has become more critical now that many doctor visits and check-ins happen by telehealth on mobile devices. You’ll want to ensure that any logs or recordings are removed or turned off so that your devices don’t put you at risk of HIPAA violations.
Ensure Your SaaS Vendors Comply as Well
Although voice and messaging platforms like thinQ are HIPAA compliant because they don’t store any information – they are considered conduits and excluded from HIPAA rules – some of the other communication vendors you use may need to fully comply with these rules. You can remain in compliance by asking your vendors to sign a business associate agreement (BAA) certifying that they comply with the security, privacy, and breach notification rules within HIPAA. Depending on your own procedures, you may require your vendors to periodically re-certify those BAAs or verify that they still qualify for the conduit exception.
How thinQ Remains HIPAA Compliant
Because thinQ only passes information through and never stores it, we are covered under the conduit exception. That means you remain HIPAA compliant when you integrate thinQ into your communication system.
Benefits of thinQ for Healthcare
In addition to keeping you HIPAA compliant, thinQ offers SaaS businesses in healthcare and providers substantial cost savings, full transparency for voice and text communications, and fast and easy implementation. Read more in our case study.
If you’re ready to see how thinQ can benefit your SaaS platform or healthcare organization, contact us now to schedule a 15-minute demo.