Medical Records & HIPAA Compliance

Stage 2 Meaningful Use raises the bar on the elements that have to be in place in terms of HIPAA compliance and medical records security. In order to qualify for Medicare and/or Electronic Health Record (EHR) incentive payments, eligible healthcare groups must now meet a new range of requirements..

The Main Changes to Stage 1 Meaningful Use

There are three Main changes to Stage 1 Meaningful Use and four new requirements to be met by eligible healthcare groups under Stage 2 Meaningful Use. The three main changes are:

  • Rather than listing more detailed demographics of 50 percent of patients, healthcare organizations now have to list more detailed demographics of 80 percent of patients.
  • A deadline of 36 hours now exists for supplying a patient with an electronic copy of their medical records. Previously there was no time restriction.
  • Whereas under Stage 1 Meaningful Use the storage of electronic health records had to be protected, this now applies to electronic document sharing.

These changes can all be put in place with help from a secure texting solution. Medical workers can record patient data on their mobile devices, print off an electronic record of a medical record from a linked EHR and use secure texting to share documents, images and videos including ePHI.

The New Requirements Under Stage 2 Meaningful Use

The new requirements under Stage 2 Meaningful Use tie in closely with HIPAA compliance and medical records security. Like Stage 1, the demands can be accommodated with the integration of a secure texting solution with an EHR:

  • Healthcare groups now have to document patient health behavior electronically.
  • Images – such as x-rays, scans and wound images – must be accessible by EHRs.
  • The passage of medications must be reviewed from clinician to administrator.
  • Prescription handoffs must be completed electronically.

When implementing secure texting for HIPAA compliance and medical records security, documenting patient behavior and including images to an EHR is straightforward. Medical professionals can record patient notes on their mobile device and send them to the EHR. Images can also be saved on the EHR.

The passage of medications and prescription handoffs can also be managed with a secure messaging platform. This is the platform through which all ePHI travels when it is sent using secure texting. The platform also generates audit reports to help administrators determine how processes can be improved.

HIPAA Compliance and Medical Records Security with Secure Texting

Secure texting helps healthcare groups maintain HIPAA compliance and medical records security, keep patient data up to date in real time, and securely send documents and images – particularly important when a patient attached to a different healthcare group is receiving treatment at your medical facility, and medical records need to be exchanged quickly and safely.

When healthcare groups use secure texting to keep patient’s EHRs up-to-date, supplying a copy of the treatment a patient has received on discharge is as simple as pushing a button. This ease of use can significantly cut patient wait times while paper records are being collated. Additionally, the reporting of Clinical Quality Measures will also be much quicker when the data is maintained on one secure database.

Prescriptions can be reviewed and forwarded securely with secure text messaging – cutting patient waiting time while their orders are being confirmed – and, as all access to patient’s medical records is monitored in accordance with the HIPAA technical safeguards, there is no risk of medical records being compromised during any of these secure texting operations.

More Benefits of Secure Texting for Healthcare Organizations

As well as meeting the demands of Stage 1 and Stage 2 Meaningful Use, and ensure HIPAA compliance and medical records security, setting up a secure texting solution can streamline workflows, increase efficiency and enhance the standard of healthcare received by patients in a cost-effective fashion:

  • Discussions about a patient’s healthcare can be directly added to their EHR to cut out the manual input of treatments and medications.
  • Delivery alerts and read receipts reduce how much time medical workers waste playing phone tag and enable them to use their resources more productively.
  • Physicians can collaborate safely to determine patient diagnoses, manage the administration of appropriate treatments and accelerate patients’ recoveries.
  • Emergency services personnel, on-call medics, and home healthcare workers can securely receive patient data “on the go” with secure texting.
  • Administrators can overlook accessibility settings when a secure texting solution is linked with a corporate directory to assist with HIPAA-required risk assessments.
  • Administrative controls can also lessen the risk of patient data being compromised if a message is shared with the wrong person or if an authorized user loses their personal mobile device.

HIPAA Advice for Medical Records

The HIPAA guidelines for medical records do not just apply to medical records that are created, stored or sent electronically. All medical records are governed by the HIPAA Privacy Rule and the same considerations should be given to keeping the integrity of paper medical records and preventing the unauthorized disclosure of PHI.

Although the HIPAA guidelines for medical records maintained on paper are not as in depth as those for electronically-maintained medical records, many of the same standards still apply. Covered Entities and Business Associates should set up a process for logging records and tracking their location while in transit. They should be stored in areas where there is controlled access and only be used in areas that have security measures in place to minimize accidental disclosure of PHI.

More HIPAA guidelines for medical records maintained on paper can be found under the “General Principles for Uses and Disclosures” section of the OCR´s Summary of the HIPAA Privacy Rule.


About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas should has data protection and innovations such as telehealth.