5 letters why HIPAA. What is the single most concerning threat to a provider? I think it is getting sloppy and inadvertently breaking the rules.
My understanding is that emails and texts can be done properly in an office setting, but if done securely or without PHI transmitted. I can control on my end, but not on my patients’.
So this may be a bit arcane, but I have instructed my nurse absolutely no texting or emailing allowed period!!! Only 4 forms of communication allowed in the office. Telephone, snail mail, e-fax/fax, or the HIPAA compliant password protected encrypted secure portal.
Emailing and texting sloppy, not controllable, unable to conveniently archive and retrieve for an audit, and most concerning a liability. The email or text may be easily missed and not integrated in the EHR, especially if utilized off hours.
Updox inbox, co managed by only two members of my staff, nurse and I, works better than fantastic for the e-messaging super highway in my practice. All e-faxes and electronic messages get “chunnelled” through this workspace. Every event is recorded and archived and easily retrievable if ever audited. Updox integrates nicely with Amazing Charts electronic record, so liability using this mode is significantly decreased.
I have instructed my patients to never email or text the office, and yes it is a pain to log on with the password, but if they want to keep me as their doctor, this is how we have to play. I did not make the rules, but if the rules are broken, I will be much poorer and unable to stay in business. This is the reality, and I have to comply.
However, in retrospect, by adhering to this protocol, my office is much more efficient, and runs whistle clean by having the Updox inbox work space shared with my nurse.
Some of the mundane, archaic modes of e-transmittal, such as a practice wide broadcast can be done within the confines of HIPAA. By a click of a button, I can watch in seconds all 755 patient names pop up sequentially on the screen as the “The flu shot clinic will be on this date and that date and message the office to schedule” is sent out. I can rest assured that if a patient responds and has any question with any PHI involved, it is in the confines of a secure portal. It is labor intensive up front to get the portal initiated, but well worth it. I have no idea how I would consistently train each and every patient on how not to text or email any PHI.
Thank you to Sean Ramsey and John Squire for offering the technological gadgetry (at a very reasonable rate) to keep this internist in business.