Share this article on:
In today’s healthcare environment it is essential to involve patients more in their own healthcare and greater efforts must be made to engage patients. Physicians are now expected to achieve more during patient consultations, yet the cost of healthcare provision must also be decreased.
There are numerous ways this can be achieved. Pre-visit check-ins can be performed, patients can be enrolled in remote health monitoring programs, and offered telehealth services. More online visits should also be conducted.
However, the Health Insurance Portability and Accountability Act, specifically the Security Rule, poses problems for physicians looking to improve care and engage patients in their own healthcare. The Security Rule places a number of requirements on HIPAA covered entities to ensure that patients’ Protected Health Information (PHI) is protected at all times.
Any healthcare provider wishing to take advantage of the wealth of new technology now available must ensure that efforts are made to keep private data secure. If insecure communication channels are used to communicate with patients, and efforts have not been made to safeguard transmitted PHI, the OCR and other federal and state regulatory bodies can be fined for violating the privacy of patients.
Why Secure Text Messages must be used to Communicate PHI under HIPAA Rules
Under HIPAA Rules, Protected Health Information (PHI) is defined as any patient health information that can identify a patient that is created, used or disclosed during the course of the provision of health services. There are 18 separate identifiers specified by HIPAA Rules:
2. Geographical subdivisions smaller than a State (street, city, county, full zip codes etc.)
3. Dates (except year) directly related to an individual, including birth dates, admission dates, discharge dates, etc.)
4. Phone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying number, characteristic, or code
According to the Department of Health and Human Services’ Office for Civil Rights, under the HIPAA Security Rule, electronic PHI (e-PHI) can be sent over an electronic open network, provided it is adequately protected.
For example, a physician could send a SMS text message containing details of an appointment for a medical test, but since SMS messages are transmitted over an insecure, open communication channel, sending a SMS message would constitute a HIPAA violation unless that message has been encrypted.
Secure text message services, such as those offered by TigerText, the country’s leading provider of secure enterprise messaging solutions, offer a solution to healthcare providers wishing to communicate with patients via SMS.
Messages are protected with end to end encryption thus preventing communications from being intercepted and viewed by unauthorized individuals. Physicians can therefore use these services to communication with patients without risking a HIPAA violation or risking a patient privacy violation. According to the U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC), the use of secure message services by physicians to communicate with patients has increased substantially.
Physicians’ Use of Secure Text Messages Increases 30% in Just 12 Months
In January, the HHS announced there would be a change to way Medicare payments are issued to healthcare providers. The goal is to move from a system that makes payments based on volume to a model based on the provision of quality medical care.
Patient–centered care means patients must be involved more in the provision of their medical services. One way of achieving this is to facilitate the exchange of electronic health information. In fact, recently ONC issued an Interoperability Roadmap, which is intended to help usher in a fully interoperable health system. It describes a path that can be used to develop processes that allow ePHI to be seamlessly shared with patients and their healthcare providers.
In order to test whether physicians – and healthcare providers in general – are working toward this common goal, ONC conducted a study to determine whether patients are actually being involved more in their healthcare, and whether physicians are communicating PHI electronically in line with the HHS’s goals.
To do this, ONC used data collected by the National Center for Health Statistics, and assessed the proportion of physicians that are sharing ePHI with patients. ONC found that between 2013 and 2014, physicians’ use of secure text messages to communicate with patients increased by 30%. In 2013, 40% of physicians exchanged secure messages with patients, and that figure had risen to 52% by 2014.
ONC also determined that in 2013, 46% of physicians shared information electronically with patients, and by 2014 that figure had risen to 57%: An increase of almost 24%.
Patients were also increasingly being provided with a means to view, download or transmit data. The figures show a rise from 33% to 47% during the same period: An increase of 42%.
The data are encouraging, showing improvements have been made and more healthcare providers are offering services concentrating on quality over quantity. However, when it comes to improving health information exchange between healthcare providers, progress has been slow. In 2013, 39% of physicians electronically shared patient health information with other providers, but by 2014 that figure had only risen to 42%: A rise of only 7.7%.