Does it seem like healthcare is stuck in the 1990s because modern modes of digital communication have been found not to be compliant? If you think that this is the case, you are only partially correct.
Recently there has been some confusion from the Centers for Medicare and Medicaid Services (CMS) regarding text messaging. In November 2017, CMS said that any text messaging of medical information, including on secure messaging platforms, was not allowed. The following month the ruling was modified to acknowledge that communications via text have their place if they are done using a secure platform. However, the ban is still in effect for specific purposes. CMS said, “The practice of texting orders from a provider to a member of the care team is not in compliance with the Conditions of Participation (CoPs) or Conditions for Coverage (CfCs).” This is the case even on a secure text messaging platform. CMS states that orders should be entered directly in the EHR or via a Computerized Provider Order Entry (CPOE) system that immediately enters the order into the EHR system. This means that secure text messaging platforms can be used in healthcare, just not for communicating orders.
We have discussed secure email in the past. Using any “free” email service (Gmail, Yahoo, or Hotmail) is absolutely not in compliance with HIPAA laws. These services do not encrypt the messages in transit or at rest. Moreover, the services themselves will read and mine the messages for keywords that can be used in marketing products. Additionally, not all paid email services are compliant. If an email service will not provide you with a signed Business Associate Agreement, you cannot be in compliance with the HIPAA laws. Keep in mind that, in addition to using a compliant email service, you must encrypt all messages you send that contain PHI.
Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. As a part of our All in One HIPAA Solution, we offer our clients a free risk analysis for their environment. Check out our quick quiz to see if your practice is compliant!
The link to the December 2017 CMS memo is here.