Learn how HIPAA privacy rules permit healthcare providers to communicate electronically with patients and colleagues while maintaining confidentiality. Discover the precautions needed, such as verifying email addresses and limiting information in unencrypted emails. Patients have rights to request alternative communication methods, and healthcare providers must accommodate reasonable requests. Find out how to navigate state licensure laws for additional confidentiality measures. Gain clarity on patient consent and communication practices for electronic communication in healthcare.
Register,
https://conferencepanel.com/conference/emailing-texting-use-of-personal-devices-by-healthcare-professionals
Russian Call Girls Kota * 8250192130 Service starts from just ₹9999 ✅
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals Need to Know
1. E-mailing, Texting, and the Use of Personal Devices
By Health care Professionals
HIPAA and Privacy Myths vs Reality
Mark R. Brengelman, Attorney at Law, PLLC
Friday, February 16, 2024
1:00 p.m. Eastern Time
1
Conference Panel
2. About Mark R. Brengelman
• Holds Bachelor's and Master's Degrees in Philosophy from Emory University, Atlanta,
Georgia
• Earned a Juris Doctorate from the University of Kentucky College of Law, Lexington,
Kentucky
• Served out a successful twenty-year career with state government in Kentucky,
including…. now in private practice since 2012
• Was a former Assistant Attorney General assigned to multiple state licensure boards in
health care and other professions – General Counsel and Prosecuting Attorney
• Has presented Continuing Education for over 50 national and state organizations and
private companies, including the Kentucky Office of the Attorney General, the Kentucky
Bar Association, the National Attorneys General Training and Research Institute, the
Federation of Associations of Regulatory Boards, and eight of its member associations in
psychology, physical therapy, dentistry, nursing, veterinary medicine, emergency medical
services, state licensed contractors, and athletic trainers
• Has represented all three branches of state government, a local municipality in
governmental ethics, and now two state licensure boards
Represents:
• licensees before state licensure boards and in other professional matters
• two state licensure boards – on the government side
• parents and kids in confidential child abuse and neglect cases, termination of parental
rights, and adoption proceedings
3. Introduction - based upon the content of this program, you will be able effectively to identify:
• The basics of HIPAA privacy;
• The basics of HIPAA and the use of electronic communications;
• Examples of state licensure laws governing protected health information;
• Elements of privacy notices and communications practices with patients;
• Texting, e-mailing, and personal devices;
• Bonus: website confidentiality and privacy disclaimers for the health care practitioner.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
3
4. Disclaimer! Goals of the content of this program – what this does and does not cover:
• Does provide a broad overview of HIPAA confidentiality issues and electronic communications for texting,
e-mailing, and personal devices;
• Does not cover everything about HIPAA, or HIPAA as applied to any specific health care profession, and;
• Does educate the person attending to ask the right questions in their own state, health care facility, and
profession about compliance with HIPAA confidentiality and the use of electronic communications.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
4
5. The basics of HIPAA privacy.
The basics of HIPAA requirements for patient records – federal right of privacy.
Confidentiality also involves:
• State law privacy rights;
• Medical confidentiality as found in state licensure laws, especially in mental health, less in physical medicine
(such as physical therapy);
• Medical confidentiality found in national and state codes of ethics (most usually non-binding! Ex: Elvis Presley
impersonators code of ethics);
• Employment policies and human resources manuals of employers, and;
• State rules of evidence for privileged communications.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
5
6. The basics of HIPAA requirements for protected health information:
• HIPAA was effective in April 2003 – applied to health care providers who submit payment requests via
electronic means;
• “Protected Health Information” (PHI) for “covered entities” – also covers independent contractors who are
“business associates” – does include law firms who hold medical records as PHI, and;
• General definition: PHI is any information held by a covered entity that concerns health status, provision
of health care, or payment for health care that can be linked to an individual - interpreted rather broadly as
to include any part of an individual’s medical record or payment history.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
6
7. The basics of HIPAA and the use of electronic communications.
Overview of HIPAA as applied to electronic communication issues:
• Health care professionals and their patients communicate among themselves and with each other;
• Unique to health care as opposed to the general public, confidentiality of electronic communications is an
issue for all health care practitioners;
• Exception: there is private information and there is confidential information, i.e., “protected health
information”;
• E-mail for any business can be hacked – creates more of a problem for covered entities;
• State licensure boards take an interest in patient confidentiality – especially in mental health.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
7
8. Overview of HIPAA as applied to electronic communication issues:
Why use texting and e-mail? Reported in media “5 Ways Home Healthcare Providers
Grow by Texting Clients, Employees” by Kenneth Burke (June 4, 2019): This is about texting.
• Texting is quicker – response time is quicker;
• Only 20% of e-mails are read by the recipient – response time is slower. Example: I ask that legal clients
review e-mail and respond at least once per day, and if they go on vacation and something is pending I
confirm their frequency of checking e-mail, or when they will be back to the office/home to do so;
• A telephone call requires the recipient to be available at the same time as the caller, and;
• A significant number of Americans depend on medical apps as part of their medical care; 58% of
smartphone users have downloaded a health app.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
8
9. Overview of HIPAA as applied to electronic communications – common sense suggestions for the employer:
• Do have an interdisciplinary team review your employment policies relating to confidentiality and
electronic communications, including social media and related topics;
• This should include an employment policy governing the employee’s use of electronic communications
mentioning the employer or patients that goes through an employer’s wi-fi or computer system, as well as
electronic communications between the health care provider and the patient;
• Do include representatives from Corporate Compliance, Legal, IT, Human Resources, Risk Management,
Finance, and similar departments on the interdisciplinary team;
• Consider basic security and privacy risk prevention. For example: issuing a smartphone or other
personal device to the health care practitioner to minimize privacy risks – devices that have to be kept
secure, are maintained by your IT department, can be remotely accessed and wiped clean if needed
because they are lost;
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
9
10. Overview of HIPAA violations, with an emphasis on state licensure boards and agencies:
• State licensure boards and agencies – how state laws may apply to violations of confidentiality of
Protected Health Information – state laws as applied to licensed health care professionals;
• Privacy interests in your root canal? Note medical histories of patients have the most private information
(sexual history, medications, etc.) – current medical records of current procedures may also be very
confidential (current medications, etc.);
• Generic laws where HIPAA is never mentioned – how generic laws for state licensure agencies may
implicate HIPAA;
• HIPAA sanctions for violations;
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
10
11. Overview of HIPAA and electronic communications – some takeaways:
• Review the ways your staff may be using cell phones that introduces risk to patients and to the
organization – use of personal cell phones for business use and data sharing, and use of employer
internet for personal use and data sharing;
• Consider the best option for a cell phone service provider moving forward – work with a provider
experienced in government or health care organizations, and under contract;
• Explore ways to train staff members who will be using cell phones at work – start with clear employment
policies and device-specific agreements (i.e., business laptop, cell phone) – I’m big on this;
• Decide which uses of cell phones should be permitted by employees of different types of organizations –
employment policy not to use personal cell phone on employer internet service and allowing business use
of cell phone on employee’s own internet service away from work and apply to all workers;
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
11
12. Overview of HIPAA and electronic communications – some takeaways, con’t.:
• Cover the essentials you need to include in your HIPAA policy concerning smartphone access and usage
– covers use of personal cell phones for business use, and use of employer internet for personal use;
• Plan an efficient way to implement new training and policy on the use of cell phones and HIPAA
throughout the organization – handing out new business devices for employees will get their attention!
• What is a “HIPAA compliant phone?” May include a Business Associate Agreement for a package of
services, including a telephone number that can send and receive texts that is HIPAA secure and
compliant
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
12
13. Overview of HIPAA and electronic communications – some takeaways, con’t.:
• Data sharing – covers personal internet for business use and business internet for personal use;
• Updates for 2022 – see current enforcement discretion;
• Business associate agreements – should include e-mailing and texting by specific reference;
• Call logs and PHI – maintain these;
• Texting and PHI – use a secure and encrypted method;
• Bring your own device (“BYOD”) – cover this in your human resources policy;
• Voice over internet protocol (“VOIP”) – just another way to use the internet for phone calls, secure???
• Additional security measures – IT specific firewalls and other measures;
• Doctors and texting (i.e., physicians) – same as other health care professionals, same rules!
• HIPAA policy for cell phones – cover this in your human resources policy.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
13
14. Overview of HIPAA and electronic communications – some takeaways, con’t.:
• State licensure laws, professional codes of ethics, and the concept of confidentiality should be firmly
ingrained in health care professionals’ psyches and work habits by now;
• Direct communication with patients by the health care practitioner or their employees is relatively new;
• When misused, electronic communications also carry legal risks that could negatively affect the
organization and result in personal consequences for the individuals involved – misuse is just another
example of a HIPAA violation, and;
• Most common consequence seems to be losing one’s job.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
14
15. What have we covered today?
• The basics of HIPAA privacy;
• The basics of HIPAA and the use of electronic communications;
• Examples of state licensure laws governing protected health information;
• Elements of privacy notices and communications practices with patients;
• Texting, e-mailing, and personal devices;
• Bonus: website confidentiality and privacy disclaimers for the health care practitioner.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
15
16. Conclusions – top takeaways:
• HIPAA is not new - day-to-day basics of HIPAA should be routine;
• Confidentiality is not new – especially in mental health practice;
• State licensure laws of health care professionals are not new – these contain the most basic of mandates
that can now be violated in new ways via electronic communications;
• E-mail and texting are permitted with precautions – only encrypted messages and methods demonstrate
absolute compliance with privacy, and;
• Warn patients about e-mail risks and get their informed consent, then limit the protected health information
that is shared electronically by regular methods of e-mail and texting.
E-mailing, texting, and the use of personal devices by health care professionals
– HIPAA and privacy myths vs reality
16