By Terry Edwards, CEO, PerfectServe
Mobile electronic communication between clinicians can help hospitals, health systems, and physician practices deliver high-quality care at rapid speeds. But securing these communications becomes a major challenge for providers – one that cannot be ignored.
Before the digital age, clinicians relied on Rolodexes, flowcharts, third-party messaging services, and Post-it notes to communicate, leaving plenty of room for human error or incorrect interpretation. These obstacles often led to delayed response time or missing information that may be considered crucial to the outcome of the patient. It was not that long ago that pagers were considered the mobile communications standard of care.
Today, however, we have a proliferation of mobile communication devices, services, and applications that are used by clinicians, and we have increased HIPAA-compliance regulations. Because electronic protected health information (ePHI) is transmitted and accessed by these devices, the law requires that information to be secured. This presents an overwhelming challenge to providers, their staff, and their businesses.
In the unfortunate event that a breach occurs due to lack of security precautions, not only is patients’ trust in the practice undermined, but the reputation of the organization is devalued. It can also result in high legal fees and expensive settlements, which providers may be fully accountable for depending on the nature of the incident. In fact, according to a recent study by the Ponemon Institute, the average cost of HIPAA breaches for 2010-2012 was $2.4 million per organization.
While these risks seem like a large beast to tackle, the sooner an organization takes a realistic look at its HIPAA-compliance strategy and acts upon that strategy, the sooner the risks start to decrease. The final HIPAA rule requires practices to take a full look at their PHI security risk and establish policies and procedures to manage that risk. It’s important for healthcare executives to understand that as they work toward HIPAA compliance, the emphasis should be on the risk management process rather than on the technologies used to manage risk. Unfortunately, there is no one-size-fits-all approach. The good news is that there are steps providers can take in working toward HIPAA compliance that make the electronic communications security challenge seem a little more manageable.
- Conduct a formal risk analysis – This can be done internally or through a consultant, but the assessment should consider all types of technology used for electronic communication and the transmission routes for all electronic protected health information: Where is ePHI flowing out of our organization and to whom? What mobile devices are staff members using to access ePHI? Are those devices personal, or provided by the organization? Are third-party answering services or call centers being used? If so, are they storing your ePHI in a manner that is compliant with the new HIPAA regulations? Are they transmitting that information to your providers in a secure manner? Successful strategies for securing communication start with understanding where your biggest risks lie.
- Develop a customized risk management strategy – Based on the results of your risk analysis, the strategy should be specific to the needs and vulnerabilities of your organization. The strategy should identify detailed policies regarding permitted staff behavior when communicating ePHI, including steps to take for auditing in the case of a potential breach.
- Train your staff – Implementing policies can only go so far if your staff isn’t equipped with the necessary background and tools to carry out these policies. Be clear on every responsibility for every level and monitor how staff members are carrying out their tasks.
- Sustain momentum – Government policies and industry standards are constantly evolving, requiring that risk be monitored and measured on an ongoing basis. This means going back on a periodic basis to reassess your risk, revise policies, and conduct training and monitoring. Securing communications is not a once-and-done deal, and successful strategies require constant check-ins to make sure the goals are aligned with the results.
The security risks associated with the ever-growing opportunities for clinicians to communicate electronically do not outweigh the crucial speed and efficiency of care delivery that they have allowed. Working toward secure electronic communications is nothing to be afraid of and can be accomplished with the appropriate planning, checks and balances.
About the author
Terrell Edwards is the CEO of PerfectServe. As chief executive, Edwards has dedicated himself to delivering the most accurate, safe, and efficient patient-care communication processes, and the most satisfying customer experience in the healthcare industry. Prior to starting PerfectServe, Edwards served as VP of sales for Voice-Tel and previously co-founded Milepost Corporation. Edwards earned a bachelor’s degree in music at Bowling Green State University and a degree in theological studies at Lourdes College.