1) Electronic Medical Record (EMR) System
Just ten years ago, roughly nine out of ten doctors, updated their patient records by hand and stored them in color-coded paper files. By January 2015, eight out of ten (83%) office-based physicians said they used an EMR. This rapid adoption has been facilitated by increasing costs from lost productivity and huge government incentives.
If you are using one of the major EMR systems, it’s likely that the technical safeguards for HIPAA compliance are in place. However, it still important to consider your physical and administrative controls connected with using your EMR system. Compliance requires all three areas to be maintained, tracked, and trained on.
EHR adoption rates
- In January 2016, 59% of providers reported using an EHR, a slight decline over January 2015 as a result of a much larger sampling size. Source: SKA
- In January 2015, about 8 in 10 (83%) of office-based physicians had adopted an electronic health records (EHR). (Source)
- Since 2008, office-based physician adoption of an EHR has nearly doubled, from 42% to 83%
- 34.8% of physicians reported using a fully functional EHR system (A fully functional EHR includes capabilities such as e-prescribing, electronic charts, and integration with testing and imaging centers). (Source)
- Physician specialties with the highest adoption rates are dialysis (80.6%), internal medicine/pediatrics (75.8%), nephrology (70.5%), and pathology (69.4%). (Source)
- The states with the highest adoption rates are Utah (71.6%), South Dakota (71.2%), Wyoming (71.0%), Iowa (70.8%), and North Dakota (69.2%). (Source)
2) Answering Services
A popular service that many office-based physicians use is an answering service. It is a cost-effective way to improve the patient experience and potentially increase appointment bookings. However, not all answering services are HIPAA-compliant. It is a service/technology that should be included in your compliance audits. Here are three questions to ask when using an answering service.
Do They Send PHI to You via Alpha Pager?
First, if you are still using an Alpha or text pager there are better solutions (like a secure messenger that let’s use send text, photos, videos, and documents). Second, these types of pagers are not secure. The data sent to the pager is not encrypted and the pager itself is not protected by a password. If the pager is lost, stolen, or simply left on a desk anyone can gain access to PHI. There is also no remote data wiping software for pagers. For these reasons, a pager is not HIPAA-compliant and should not receive any PHI. Be sure that your answering service does not send PHI to your pager.
Messages with PHI Texted to your Mobile Phone
Standard text messaging is also not encrypted, hence anyone who wants to monitor the transmission can gain access to the PHI contained within the text message. Just recently, it was learned that fake cell phone towers have been set up for the express purpose of intercepting information. In addition, even though cell phones can have passwords protecting the access to the phone, text message notifications can still appear on the lock screen.
To be compliant when receiving text messages, it is necessary to download a secure text messaging app in order to comply with HIPAA HITECH regulations. These apps not only allow HIPAA compliant text messaging from the answering service to the device but also between phones.
Messages with PHI Sent via Email
If you are receiving email with PHI from your answering service, it is critical that you can confirm it is encrypted. And that leads us to our next technology.
3) Email System
Standard email that is sent from one user’s computer to another is vulnerable at any point along that transfer without email encryption. Using unsecured emails not only puts the content of the emails at risk but also the senders’ and receivers’ identities.
Encryption methods can include using TLS encryption. This means that as long as your mail servers are configured to properly support TLS, it will be impossible for a passive adversary along the route to intercept and/or modify the message. Not sure if your mail server has TLS enabled? Use this online tool to test your email address http://www.checktls.com. Be sure to confirm your answering service’s email address with this tool as well.
4) Smartphones
Eighty percent of physicians are using their smartphones to communicate for work purposes. Research studies, as well as our medical advisory board, show us that texting can be very beneficial to patient care — due to its speed, efficiency and transparency. Sending texts, photos, videos, and documents to a peer or a group of peers has never been so easy; however exchanging this confidential information could result in a HIPAA violation if a secure messenger is not used.
MEDX is capable of exchanging texts, photos, videos, and documents (over 15 file types) all within HIPAA compliance guidelines. It is also designed by the end user, making it simple to use and very fast. When using MEDX, you get the best of both worlds — a high quality app that is medical friendly and the technical safeguards to assure information security.