Everyone uses their cell phones in one way or the other in medical practice. Statistics show that about 10 years ago, 84% of physicians admitted to using a cell phone in their practice. The number has increased now. The Office of Civil Rights (OCR) has been targeting healthcare organizations that have poor HIPAA policies. Using cell phones provides a lot of conveniences but they also pose a huge risk when it comes to HIPAA. Here are three very common ways medical team members may be violating HIPAA when using cell phones and how they can prevent that from happening.
Violation 1: Text Messaging
Text messaging can be quite useful, but it is a potential HIPAA violation. Consider a scenario in which a health practitioner is texting his colleague about a certain patient and the content of the message includes protected health information. That would be a direct HIPAA violation because most cell phone messages are not ‘encrypted’. Also, the medical practitioner will be violating other facets of HIPAA compliance such as data integrity, auditing, access control, and others. Read more on HIPAA Text Messaging Policy here.
How to avoid this HIPAA violation?
It is important not to text content that includes PHI to anyone using non-encrypted messaging applications. Likewise, phones that are used must have password protection so that PHI is not accessible. The solution is to find a medical communications app that takes care of this aspect of HIPAA compliance like Hucu.ai
Hucu.ai is a FREE person-centered messaging network with real-time patient health & staff attrition risk reporting. Innovative post-acute care physician groups and skilled nursing operators are downloading the mobile app (available both in iOS and Android) and improving communication and collaboration immediately. Hucu.ai helps solve key healthcare problems that cause inefficiency and frustration for everyone involved in a value-based care model. For many health practitioners, it is more and more difficult to manage non-HIPAA compliant fragmented communication using outdated 1-1 methods (phone, fax, paper, email, and text) with no accountability. To know more, check out this blog.
Hucu.ai is a complete HIPAA Compliant messaging app
Violation 2: Your Camera Roll
It is easy to consider everyday scenarios in a hospital where one health practitioner could ask his colleague to send them a picture of a patient’s rash, ECG, or even an x-ray. Pictures can also be taken from a cell phone to upload into the EHR because that is quicker, easier and convenient. But is it HIPAA compliant? Probably not! Cell phones do not have photo applications that comply with HIPAA and since images related to a patient’s medical information qualify as PHI, not protecting them properly would be a direct HIPAA violation.
How to avoid this HIPAA Violation?
It is important not to take images if they qualify any of the 18 HIPAA Safe Harbor rules for example, image of a patient in which they can be recognized. If there is a situation in which you need to take such pictures, a medical team member can do that through an app that was designed with HIPAA technical safeguards in place. Again, Hucu.ai is an app that is developed keeping this in mind. When a health practitioner takes images with Hucu.ai, they do not get stored in the ‘photo gallery’ of the mobile. Images remain in the secure ‘cloud’ storage of Hucu.ai’s application that is encrypted. Images also get shared only within the Hucu.ai application which is HIPAA compliant. So you can take pictures, share them in cases of emergencies and get consultation without worrying about breaking a HIPAA rule.
Violation 3: Your Contact List
It is normal for doctors to add patients to their contact list so that they can reach out to them later on and discuss their cases or for any other possible reason. However, that can let social media apps pick this information up which can be a red flag. When a doctor stores patients in their contact list, it is necessary to ban phone applications from accessing that list. Most people don’t know this but applications can leverage phone book to improve your social network. Once these applications have the access to a phone, the social applications may recognize a patient contact as “friend of a friend” of another of your patients, simply because they share the common connection with you. This can lead to these social media applications “recommending” your patients to each other as new connections to make. If one patient can recognize the other one from your waiting room then PHI is leaked and that’s a HIPAA violation. Here is a real example of such a scenario that happened to at least one psychiatrist!
Hucu.ai encrypts all messages for security
How to avoid this HIPAA Violation?
You can only store patient contacts within secure communication apps that were designed with HIPAA in mind or you will have to ban every application on your phone from accessing your phone book. That is a big hassle! It’s for exactly these reasons that we developed Hucu.ai to make communication easy and secure for healthcare practitioners. With Hucu.ai you can chat, speak, and video call with your medical team members without having to store their contact numbers in your phone.
Hucu.ai makes communication super easy, safe and secure. It is easy to install and use within 10 minutes.
Get Ready To Transform Your Organization For Value Based Care.
Subscribe to our monthly newsletter