The Department of Health and Human Services’ Office for Civil Rights (OCR) conducts occasional audits of covered entities and their business associates to ensure they comply with HIPAA regulations. Covered entities include health plans, healthcare clearinghouses, and healthcare providers. A business associate is any business that handles electronic protected health information (ePHI) for a covered entity. ePHI is anything transmitted electronically that can be used to specifically identify a patient: name, date of birth, admission/discharge date, date of death, medical record number, telephone number, address, city, state, postal code, e-mail address, and so forth.
What are the financial impacts?
OCR audits result in millions of dollars in penalties and incurred costs, which can be devastating to covered entities as well as their business associates. The minimum fine is $100 per violation and can go up to $50,000 per violation.
In addition, if a HIPAA-covered entity or a business associate violates one or more HIPAA Rules, the violation could be considered criminal. Criminal HIPAA violations are prosecuted by the Department of Justice (DOJ) against people who have purposefully violated HIPAA Rules, resulting in hefty fines and prison sentences.
How can I protect my organization and employees?
It’s more important than ever to ensure that your organization is using or providing secure, encrypted tools when communicating about patients. Under the requirements of the HITECH Act of 2009, which supplemented the HIPAA security guidelines, ePHI handled by covered entities and their business associates must be transmitted, stored, and accessed securely, and protected from reasonable threats and unauthorized access.
You need to perform a risk analysis to determine if there is any possibility that your ePHI data could be at risk. If you find that your data is at risk, encryption is the key to minimizing a security breach.
How can a data breach happen?
Almost half of all large breaches take place due to lost or stolen mobile devices. Criminal attacks are another primary reason for breaches. Keeping your ePHI protected at all times, including on mobile devices, with encryption and other technical safeguards can help eliminate the potential for a reportable breach with regard to that data.
If a breach of encrypted information takes place, it will not be subject to the breach notification rule as the encrypted data is considered to be unusable, unreadable, or indecipherable.
What options are available for encryption?
A small investment in a secure communication method can be a huge insurance policy to avoid civil and criminal penalties. miSecureMessages is a HIPAA-compliant solution with full, end-to-end encryption that does not store ePHI on users’ mobile devices. If a device is lost or stolen, you can easily and remotely deactivate that user to revoke access to ePHI. In addition, the app can require your users to enter a passcode, scan a fingerprint, or use face recognition to re-open the app.
In addition to encryption, using miSecureMessages also:
- Provides quiet communications – reduce the number of overhead pages to minimize noise levels
- Increases efficiency – save countless hours per day for you and your medical end-users
- Offers immediate communications – instantly see that your message recipients have received and read your message
- Saves time for call center agents – a message can be automatically closed/delivered based on the status, such as after recipients read it (with e-mail, paging, and SMS text messaging, your agents may need to call a recipient to ensure that a message has been received and read)
- Keeps agents informed – responses can be automatically popped to your agents
- Escalates a message when needed – if recipients don’t read their messages within a specified time, it can automatically be escalated
- Logs complete message histories – every step of the miSecureMessages event history is saved for complete reporting
miSecureMessages is intuitive and easy to use. App users like using the app because it is so fast, but it also:
- Behaves like the devices’ native text messaging apps
- Allows users to add their contact photo and phone number for their colleagues
- Includes message event tracking within the app, with timestamps showing when the messages have been delivered, read, completed, and deleted
- Has added optional features, such as status and on-call to allow users to see their schedule and send messages directly to those currently on call
Secure messaging apps help protect organizations from incurring HIPAA violations. Our miSecureMessages app not only provides end-to-end encryption, but also enables staff to securely send and receive texts, photos, audio, and video files. It integrates seamlessly with existing software to improve an organization’s communication time, and provides settings options to reduce alarm fatigue. miSecureMessages can be used on mobile phones, smartwatches, tablets, laptops, and desktop computers, and is available for Android™ and Apple® iOS devices.
Contact us today for a demo and try miSecureMessages for free for 30 days, on up to 10 devices.