The most recent version of the HIPAA compliance regulations were passed with the Final Omnibus Rule of 2013. They extend the rights of patients under the HIPAA Privacy Rule, now include business associates, and bring in new administrative, physical and technical safeguards under the HIPAA Security Rule.
The HIPAA compliance regulations reflect alterations in working practices and technological advances over recent few years. Many more medical workers are supporting their workflows by using their personal mobile devices. The improper use, theft or loss of mobile devices is estimated to result in thousands of security breaches annually. The most recent HIPAA compliance regulations are intended to stop these breaches.
HIPAA Privacy Rule Compliance
Along with extending the HIPAA compliance regulations to business associates, other amendments to the HIPAA privacy rule introduce new guidelines for the conditions under which Protected Health Information (PHI) should be shared with anybody other than the patient.
Basically, only the minimum “individually identifiable health information” should be shared without patient authorization – whether this is done face-to-face or via electronic media. The Rule also allocates patients certain rights about their health information, including rights to examine and receive a copy of their health records, and to request corrections.
Key Compliance Concerns within the HIPAA Security Rule
The HIPAA compliance regulations included in the HIPAA Security Rule create a number of issues for healthcare groups and HIPAA covered bodies. The key issues revolve around the encryption of PHI at rest and on the move, identity authentication and message accountability, and safeguarding against the unauthorized sharing of PHI.
Encryption is given such a high profile due to copies of unencrypted SMS messages and emails remaining indefinitely on service providers’ servers where they can be accessed by an third party. Identity authentication and message accountability is required to make sure only authorized personnel receive messages contain PHI, while mechanisms must be put in place to stop the unauthorized disclosure of PHI.
How Secure Messaging Helps Settle the Key Compliance Concerns
Secure messaging works by establishing an encapsulated network for authorized personnel within a healthcare group. Authorized personnel access the network via secure messaging applications that can be installed on any desktop computer or mobile device, but which require a centrally-issued username and PIN before they link up with the network.
Thereafter authorized personnel can send PHI with the convenience and speed that mobile technology puts in place. Safeguards are there to prevent PHI being transmitted beyond the healthcare group’s network, copied and pasted or saved to an external hard drive. An automatic log off function also stops unauthorized access to PHI when a desktop computer or mobile device is left unattended.
Should a mobile device be misused, stolen or lost, administrators can PIN-lock the app and remotely erase all communications from it. Administrators also receive activity reports in order to ensure adherence to the HIPAA compliance regulations and message accountability. These activity reports also help administrators getting ready for risk assessments – another vital part of the HIPAA compliance regulations.
The Cost-Effective Advantages of Secure Messaging
Secure messaging not only helps healthcare groups adhere to the HIPAA compliance regulations, it can also be a cost-effective way of aspeeding up the communications cycle. The features that ensure message accountability also prevent phone tag – estimated to account for 45 minutes of a medical professional´s time each day – while a group messaging function fosters collaboration and accelerates hospital admissions and patient discharges.
The price of secure messaging is much less than other mechanisms that could be used to comply with the HIPAA compliance regulations. A survey carried out by HIMSS Analytics concluded that secure messaging solutions were more than 40% less expensive to manage than pager systems – not taking into account the cost of providing pagers capable of encrypting messages to all authorized personnel.
An advantage of secure messaging which is indirectly cost-effective was identified by the Tepper School of Business at the Carnegie Mellon University in a study called “Saving Private Ryan”. Experts from the School of Business found that, when secure messaging solutions were put with EMRs, patient safety issues fell by 27% and medication errors dropped by 30%.