New HIPAA Rules for Text Messaging & Email


There is a simple 3 step HIPAA “safe harbor” that frees Covered Entities and Business Associates from any responsibility or liability for unauthorized access to Protected Health Information (PHI) in unencrypted emails and text messages during transmission and after receipt by the patient.

Patient Engagement is a cornerstone of MACRA. Communication technology offers indispensable patient engagement tools. Secure patient portals are available. So are encrypted text message and email products. But patients overwhelmingly choose non-secure communication tools like text messaging and email.

Appointment reminders, healthcare instructions, patient satisfaction surveys, health and wellness newsletters and recall reminders are just a few patient engagement tools sent electronically by regular (unencrypted) email and text messaging. The HIPAA Rules for sending Protected Health Information (PHI) by unencrypted electronic transmission are clear – and new.

The first became effective with the HIPAA Omnibus Rule (September, 2013). Further, important guidance was published by the U.S. Department of Health and Human Services in 2014 and 2016. There are widespread violations of the HIPAA Rules for communicating with patients by unencrypted email and text message, largely because Providers and Business Associates just don’t know the rules and don’t understand what PHI really is, as defined by HIPAA.

The HIPAA Rules and HHS/OCR guidance provide a simple, easy-to-use 3 Step Safe Harbor for using unencrypted email and text messaging to engage patients. This session will explain the 3 Step HIPAA Safe Harbor. The secret is that HIPAA Rules are easy to follow, step by step, when you know the steps.

Learn more: https://www.mentorhealth.com/webinar/new-hipaa-rules-for-text-messaging-&-email-801771LIVE?wordpress-seo

 

De-Identification of PHI under HIPAA

As health information grows, sharing it among healthcare providers and researchers is necessary for providing and advancing healthcare services and healthcare research. But the Health Insurance Portability and Accountability Act (HIPAA) of 1996 severely limits how Protected Health Information (PHI) can be shared. It also has restrictions regarding how to protect it when it is shared.

One way of legally sharing PHI is to de-identify the information. Once PHI has been de-identified, it is no longer protected under HIPAA and may be shared freely without limitation. Information that is properly de-identified may be shared in some cases, and this kind of information is easier to share.


De-identification has to be done diligently

Yet, de-identification is not easy, and if it is not done correctly, the sharing of the information may be considered a breach that requires reporting to HHS and carries the potential for penalties and corrective action plans. Any information that gets released without getting properly de-identified can result in fines and corrective action plans that can run into the millions of dollars. It is hence necessary to ensure that the resulting information is truly de-identified and its use or disclosure will not result in a reportable breach under HIPAA.

Despite the strict controls imposed by HIPAA, a few loopholes, such as the patient’s initials, may make it possible to guess vital information about the patient. It is to avoid a scenario such as this that the right process needs to be followed to ensure that data is shared appropriately, either as identifiable information, as a partially de-identified Limited Data Set, or as properly de-identified information.

Detailed learning on all the areas of de-identification

Clarity on these vital areas will be offered at a webinar that is being organized by MentorHealth, a leading provider of professional trainings for the areas of healthcare. The speaker at this session will be Jim Sheldon-Dean, the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982 that provides information privacy and security regulatory compliance services to a wide variety of health care entities.

Please visit to gain valuable guidance on the crucial aspect of de-identification of PHI under HIPAA.

Jim will explain the guidance from the HHS Office for Civil Rights (OCR) and from the National Institute of Standards and Technology (NIST) on how to properly de-identify health information. He will explain the various needs for de-identified information and examine the typical questions that are covered in the guidance. The aim of this discussion is to provide a sound, defensible basis for an organization’s decisions and processes surrounding de-identification of PHI.


Commonly used procedures for de-identification

Commonly used procedures for de-identification of Protected Health Information include:

  • Removing all eighteen of the listed identifiers or anything else that might be used to identify the individual about whom the information exists
  • Getting an expert to certify that the information is not identifiable.

Even these steps are not foolproof. More scrutiny is needed to be sure the data cannot be identified. Jim will show the specific steps that a healthcare provider must go through to ensure that de-identification of PHI is carried out properly. He will help the participants explore the concepts and methods of de-identification and many of the typical questions that arise.

The following areas will be covered at this session:

  • De-identification and its Rationale
  • The De-Identification Standard
  • Preparation for De-identification
  • Guidance on Satisfying the Expert Determination Method
  • Who is an expert, how do experts assess the risk of identification of information, what are the approaches by which an expert assesses the risk that health information can be identified, and what are the approaches by which an expert mitigates the risk of identification of an individual in health information
  • Guidance on Satisfying the Safe Harbor Method.


Avoiding amorous relationships in a healthcare setting

Avoiding amorous relationships in a healthcare setting is of crucial importance in the healthcare industry if the reputation of the healthcare provider has to remain intact. People in senior positions in the medical profession, such as faculty and supervisors, exercise considerable authority and power over the people they supervise.

It is thus necessary for those in supervisory positions in a medical practice, clinic, hospital or university setting to show utmost restraint in their behavior towards those over whom they have supervisory responsibilities and avoid amorous relationships in a healthcare setting.


A clear definition of terms

Laws clearly prohibit medical faculty and staff, which include graduate assistants, in a healthcare setting, from having amorous relationships with students over whom they have supervisory responsibilities. A supervisory responsibility is one in which the person in this position teaches, evaluates, tutors, advocates, counsels and/or advises duties performed directly and currently.

This can be either inside the office or outside it, or the clinic or a hospital setting. Amorous relationships have to be avoided, whether the person with a supervisory responsibility is part of the faculty, or is a staff member or a graduate assistant, with respect to a medical, nursing or healthcare professional student.


Definition of tasks carried out by supervisory personnel

The activities that come under the purview of these responsibilities are clear-cut, so that care is taken to avoid amorous relationships in a healthcare setting. Any staff member who administers, provides or supervises all academic, co-curricular or extra-curricular services and activities, opportunities, awards or benefits offered by or through the health entity or its personnel in their official capacity comes under the ambit of those who need to avoid amorous relationships in a healthcare setting.

The most important reason for which employees who supervise, evaluate or in any other way directly affect the terms and conditions of the employment of their reportees have to avoid amorous relationships in a healthcare setting is that it is prohibited even in cases in which mutual consent is present, or appears to be present.

There are financial reasons for avoiding amorous relationships in a healthcare setting

Avoiding getting into and cultivating an amorous relationship in a healthcare setting is important for a number of reasons. Firstly, it fosters a climate of positivity and healthfulness in the medical practice or clinic or hospital, thus leading to an increase in the productivity and morale of the employees.

Beyond this, avoiding amorous relationships in a healthcare setting is also important from a purely financial perspective, as the lawsuit figures from a January 2012 by Jury Verdict Research, Inc. show:

  • The cost of jury awards for employment-practice liability cases has been going up consistently for nearly the past couple of decades
  • From 1994 to 2000, the overall average jury award in discrimination cases was $150,000
  • Sexual harassment complaints increased by nearly one and a half times between 1995 and 1998
  • Just about half of all small businesses offer training to their staff on sexual harassment prevention, while three fourths of large companies do.

Learn the nature of the law to avoid amorous relationships in a healthcare setting

To get a clear understanding of the law that relates to avoiding amorous relationships in a healthcare setting and to avoid getting into legal complications, attend a webinar on this topic that is being organized by MentorHealth, a highly popular provider of professional trainings for the healthcare industry.


David Edward Marcinko, Founding Dean of the fiduciary focused CERTIFIED MEDICAL PLANNER® chartered designation education program and Professor and physician executive, will be the speaker at this webinar. To register for this session, please visit

http://www.mentorhealth.com/control/w_product/~product_id=800936/?Wordpress

At this session, David will cover the following areas:

  • Consensual Amorous Relationships Defined
  • Handling Patient Advances
  • Signs of Flirtatious Behavior and Discouragement
  • Sexual Harassment Defined
  • Preferential Treatment
  • Unreasonable Interference with Performance
  • Two-Pronged Test Approach
  • Offensive Behavior
  • Gender Based Animosity
  • Same Sex Harassment
  • Employer Liability
  • Disciplinary Actions
  • Tangible Employment Actions
  • Punitive Damages
  • Financial and Economic Costs.