0 likes | 8 Views
Learn how HIPAA privacy rules permit healthcare providers to use email for patient communication while ensuring privacy and security. Discover essential precautions, patient rights, and state licensure laws governing electronic communication in healthcare. Join this HIPAA E-mailing, Texting, and the Use of Personal Devices by Healthcare Professionals webinar to navigate the complexities of HIPAA rules and state licensure laws for secure email communication in healthcare. Register Now, https://conferencepanel.com/conference/emailing-texting-use-of-personal-devices-by-healthcare-professionals
E N D
E-mailing, Texting, and the Use of Personal Devices By Health care Professionals HIPAA and Privacy Myths vs Reality Mark R. Brengelman, Attorney at Law, PLLC Friday, February 16, 2024 1:00 p.m. Eastern Time Conference Panel 1
About Mark R. Brengelman Holds Bachelor's and Master's Degrees in Philosophy from Emory University, Atlanta, Georgia • Earned a Juris Doctorate from the University of Kentucky College of Law, Lexington, Kentucky • Served out a successful twenty-year career with state government in Kentucky, including…. now in private practice since 2012 • Was a former Assistant Attorney General assigned to multiple state licensure boards in health care and other professions – General Counsel and Prosecuting Attorney • Has presented Continuing Education for over 50 national and state organizations and private companies, including the Kentucky Office of the Attorney General, the Kentucky Bar Association, the National Attorneys General Training and Research Institute, the Federation of Associations of Regulatory Boards, and eight of its member associations in psychology, physical therapy, dentistry, nursing, veterinary medicine, emergency medical services, state licensed contractors, and athletic trainers • Has represented all three branches of state government, a local municipality in governmental ethics, and now two state licensure boards • Represents: • licensees before state licensure boards and in other professional matters • two state licensure boards – on the government side • parents and kids in confidential child abuse and neglect cases, termination of parental rights, and adoption proceedings
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Introduction - based upon the content of this program, you will be able effectively to identify: The basics of HIPAA privacy; • The basics of HIPAA and the use of electronic communications; • Examples of state licensure laws governing protected health information; • Elements of privacy notices and communications practices with patients; • Texting, e-mailing, and personal devices; • Bonus: website confidentiality and privacy disclaimers for the health care practitioner. • 3
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Disclaimer! Goals of the content of this program – what this does and does not cover: • Does provide a broad overview of HIPAA confidentiality issues and electronic communications for texting, e-mailing, and personal devices; • Does not cover everything about HIPAA, or HIPAA as applied to any specific health care profession, and; • Does educate the person attending to ask the right questions in their own state, health care facility, and profession about compliance with HIPAA confidentiality and the use of electronic communications. 4
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality The basics of HIPAA privacy. The basics of HIPAA requirements for patient records – federal right of privacy. Confidentiality also involves: State law privacy rights; • Medical confidentiality as found in state licensure laws, especially in mental health, less in physical medicine (such as physical therapy); • Medical confidentiality found in national and state codes of ethics (most usually non-binding! Ex: Elvis Presley impersonators code of ethics); • Employment policies and human resources manuals of employers, and; • State rules of evidence for privileged communications. • 5
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality The basics of HIPAA requirements for protected health information: HIPAA was effective in April 2003 – applied to health care providers who submit payment requests via electronic means; • “Protected Health Information” (PHI) for “covered entities” – also covers independent contractors who are “business associates” – does include law firms who hold medical records as PHI, and; • General definition: PHI is any information held by a covered entity that concerns health status, provision of health care, or payment for health care that can be linked to an individual - interpreted rather broadly as to include any part of an individual’s medical record or payment history. • 6
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality The basics of HIPAA and the use of electronic communications. Overview of HIPAA as applied to electronic communication issues: Health care professionals and their patients communicate among themselves and with each other; • Unique to health care as opposed to the general public, confidentiality of electronic communications is an issue for all health care practitioners; • • Exception: there is private information and there is confidential information, i.e., “protected health information”; E-mail for any business can be hacked – creates more of a problem for covered entities; • State licensure boards take an interest in patient confidentiality – especially in mental health. • 7
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA as applied to electronic communication issues: Why use texting and e-mail? Reported in media “5 Ways Home Healthcare Providers Grow by Texting Clients, Employees” by Kenneth Burke (June 4, 2019): This is about texting. Texting is quicker – response time is quicker; • Only 20% of e-mails are read by the recipient – response time is slower. Example: I ask that legal clients review e-mail and respond at least once per day, and if they go on vacation and something is pending I confirm their frequency of checking e-mail, or when they will be back to the office/home to do so; • A telephone call requires the recipient to be available at the same time as the caller, and; • A significant number of Americans depend on medical apps as part of their medical care; 58% of smartphone users have downloaded a health app. • 8
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA as applied to electronic communications – common sense suggestions for the employer: Do have an interdisciplinary team review your employment policies relating to confidentiality and electronic communications, including social media and related topics; • • This should include an employment policy governing the employee’s use of electronic communications mentioning the employer or patients that goes through an employer’s wi-fi or computer system, as well as electronic communications between the health care provider and the patient; Do include representatives from Corporate Compliance, Legal, IT, Human Resources, Risk Management, Finance, and similar departments on the interdisciplinary team; • Consider basic security and privacy risk prevention. For example: issuing a smartphone or other personal device to the health care practitioner to minimize privacy risks – devices that have to be kept secure, are maintained by your IT department, can be remotely accessed and wiped clean if needed because they are lost; • 9
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA violations, with an emphasis on state licensure boards and agencies: State licensure boards and agencies – how state laws may apply to violations of confidentiality of Protected Health Information – state laws as applied to licensed health care professionals; • Privacy interests in your root canal? Note medical histories of patients have the most private information (sexual history, medications, etc.) – current medical records of current procedures may also be very confidential (current medications, etc.); • Generic laws where HIPAA is never mentioned – how generic laws for state licensure agencies may implicate HIPAA; • HIPAA sanctions for violations; • 10
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA and electronic communications – some takeaways: Review the ways your staff may be using cell phones that introduces risk to patients and to the organization – use of personal cell phones for business use and data sharing, and use of employer internet for personal use and data sharing; • Consider the best option for a cell phone service provider moving forward – work with a provider experienced in government or health care organizations, and under contract; • Explore ways to train staff members who will be using cell phones at work – start with clear employment policies and device-specific agreements (i.e., business laptop, cell phone) – I’m big on this; • Decide which uses of cell phones should be permitted by employees of different types of organizations – employment policy not to use personal cell phone on employer internet service and allowing business use of cell phone on employee’s own internet service away from work and apply to all workers; • 11
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA and electronic communications – some takeaways, con’t.: Cover the essentials you need to include in your HIPAA policy concerning smartphone access and usage – covers use of personal cell phones for business use, and use of employer internet for personal use; • Plan an efficient way to implement new training and policy on the use of cell phones and HIPAA throughout the organization – handing out new business devices for employees will get their attention! • • What is a “HIPAA compliant phone?” May include a Business Associate Agreement for a package of services, including a telephone number that can send and receive texts that is HIPAA secure and compliant 12
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA and electronic communications – some takeaways, con’t.: Data sharing – covers personal internet for business use and business internet for personal use; Updates for 2022 – see current enforcement discretion; Business associate agreements – should include e-mailing and texting by specific reference; Call logs and PHI – maintain these; Texting and PHI – use a secure and encrypted method; Bring your own device (“BYOD”) – cover this in your human resources policy; Voice over internet protocol (“VOIP”) – just another way to use the internet for phone calls, secure??? Additional security measures – IT specific firewalls and other measures; Doctors and texting (i.e., physicians) – same as other health care professionals, same rules! HIPAA policy for cell phones – cover this in your human resources policy. • • • • • • • • • • 13
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Overview of HIPAA and electronic communications – some takeaways, con’t.: State licensure laws, professional codes of ethics, and the concept of confidentiality should be firmly ingrained in health care professionals’ psyches and work habits by now; • Direct communication with patients by the health care practitioner or their employees is relatively new; • When misused, electronic communications also carry legal risks that could negatively affect the organization and result in personal consequences for the individuals involved – misuse is just another example of a HIPAA violation, and; • • Most common consequence seems to be losing one’s job. 14
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality What have we covered today? The basics of HIPAA privacy; • The basics of HIPAA and the use of electronic communications; • Examples of state licensure laws governing protected health information; • Elements of privacy notices and communications practices with patients; • Texting, e-mailing, and personal devices; • Bonus: website confidentiality and privacy disclaimers for the health care practitioner. • 15
E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality Conclusions – top takeaways: HIPAA is not new - day-to-day basics of HIPAA should be routine; • Confidentiality is not new – especially in mental health practice; • State licensure laws of health care professionals are not new – these contain the most basic of mandates that can now be violated in new ways via electronic communications; • E-mail and texting are permitted with precautions – only encrypted messages and methods demonstrate absolute compliance with privacy, and; • Warn patients about e-mail risks and get their informed consent, then limit the protected health information that is shared electronically by regular methods of e-mail and texting. • 16
Thanks for Watching Register Now 17