HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Repurposing a Text Alert System for Business as a HIPAA Compliance Helpline

Due to a text alert system for business lacking the mechanisms for HIPAA compliance, the concept of using a system as a HIPAA compliance helpline may seem a little out of the box. However, there are good reasons for suggesting this secondary use of a text alert system, which can also have benefits in training personnel to become more HIPAA compliant.

In a medical environment, a text alert system for business is one of the most effective ways of alerting large numbers of personnel simultaneously to an emergency event. During the emergency event, the text alert system can also be used to coordinate emergency response and check on the wellbeing of personnel, and used for business continuity when other channels of communication are inoperative.

A text alert system for business is typically fast and reliable, and – because text messages sent through the system are recorded for review – the messages are accountable. This makes the system an ideal tool for internal communications during non-emergency events; and one potential non-emergency use of a text alert system for healthcare organizations is as a HIPAA compliance helpline.

The Purpose of a HIPAA Compliance Helpline

The purpose of a HIPAA compliance helpline is to be a source of information for personnel struggling with the complexities of the HIPAA Privacy Rule. Although most personnel will have undergone HIPAA compliance training, there may be times when situations arise that have not yet been covered by the training or – due to the complexity of HIPAA – the person is confused by the context of the situation.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

In these circumstances, it can be useful to have a designated authority (i.e. a compliance officer) at the other end of a communications channel in order to provide answers to HIPAA-related questions. Because of the speed of text messaging, the person in need of guidance only need to text their question to the compliance officer and receive an appropriate answer almost immediately.

By using a text alert system for business in this way, the scenario is avoided in which a person is not sure about whether or not to disclose PHI to a third party, they ask a colleague who is equally unsure, and between them they arrive at an incorrect conclusion. In this respect, repurposing a text alert system for business as a HIPAA compliance helpline can avoid unintentional breaches of HIPAA.

The Secondary Benefit of Repurposing a Text Alert System for Business

Because a text alert system for business is not HIPAA compliant, the system cannot be used to communicate PHI. Therefore, requests for assistance about HIPAA-compliant uses, disclosures, and procedures should not reveal any personally identifiable information. However, the way in which the system is used by personnel will reveal a lot to compliance officers about who does – or does not – understand the HIPAA Privacy Rule.

In addition, there may be situations that arise that are unique to a location or medical service, and not covered by the general HIPAA guidelines. These situations can be incorporated into future HIPAA compliance training in order to address any potential confusion about them in advance. By using the conversations recorded by the text alert system for business, compliance officers can deliver more relevant training based on real-life examples in order to train personnel to be more HIPAA compliant.

In conclusion, a text alert system for business may not be HIPAA compliant, but it is the most effective way to communicate an emergency in compliance with the CMS´ Emergency Preparedness Rule. Healthcare organizations investing in a text alert system may only use it for training and for when an emergency occurs; but there are many other use cases in which organizations can extract additional value from the system. Using it as a HIPAA compliance helpline is just one of them.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.