by Marty Kotlar, DC, CPCO, CBCS
President of Target Coding
When shopping for a text messaging platform vendor, it is crucial to consider Health Insurance Portability and Accountability Act (HIPAA) guidelines and standards that protect patients’ health information. Ensure the texting platform uses end-to-end encryption to protect data during transit and storage. Can the platform implement robust user authentication mechanisms to prevent unauthorized access? Can it provide and maintain detailed logs of all communication activities and track access, changes, and user interactions?
The texting platform should store data securely, preferably on HIPAA-compliant servers. Make sure the vendor will sign a Business Associate Agreement (BAA) with you, establishing their HIPAA compliance responsibility. Lastly, educate your employees about HIPAA regulations and best practices for handling patient information on the texting platform. It’s essential to consult qualified professionals to ensure your texting platform adheres to HIPAA requirements and protects patient privacy effectively.
When using a messaging platform, it is crucial to consider protected health information (PHI), which includes any information that can identify an individual and is related to their health condition, treatment, or payment for healthcare services. You can do several things to ensure your office follows the rules and keeps patient information secure. Let us dive into some of those best practices now.
Minimize patient details: Avoid including identifying patient details in text messages. Be cautious about the information you share and limit it to what is necessary for communication. This reduces the risk of unauthorized access or disclosure of patient information.
Use secure messaging platforms: Choose platforms that encrypt the content of your text messages. These platforms provide an extra layer of protection for sensitive information, ensuring it remains secure during transmission.
Implement two-factor authentication: Use two-factor authentication for added security, along with unique user IDs and credentials, to control access to the texting platform.
Obtain patient consent: Before sending any confidential information via text message, obtain explicit patient consent. Ensure that patients understand the risks involved and give informed consent to communicate their health information through text messages. Note that appointment reminders are considered part of the treatment of an individual and, therefore, can be made without authorization.
Patient Records: Text messages that contain clinical information should be treated and documented like a telephone call in which medical information is relayed or requested. Text messages should not contain discussions, opinions, or comments that would not be included in the medical record.
Train your staff: Provide comprehensive training on privacy and security protocols. Educate them on the importance of safeguarding patient information and the necessary steps to ensure compliance when using text messages for communication.
Business Associate: Select a service provider willing to sign a Business Associate Agreement (BAA) to ensure they adhere to HIPAA regulations.
Auditing Protocols: Implement auditing controls, perform regular audits to monitor and track users’ access, and ensure that only authorized individuals can access the PHI.
Documentation: Implement policies and procedures that outline acceptable and unacceptable use of the messaging platform. Perform and document regular audit processes for the messaging platform.
These guidelines are crucial for safeguarding patient confidentiality and preventing potential HIPAA violations when using messaging platforms as a communication method. Email info@targetcoding.com for a FREE HIPAA compliance consultation.
MARTY KOTLAR, DC, CPCO, CBCS, COF, is the President of Target Coding. Over the last 15 years, Target Coding has helped hundreds of healthcare providers with compliance as it relates to billing, coding, documentation, Medicare & HIPAA. Dr. Kotlar is certified in compliance, a certified coding specialist, a contributing author to many coding and compliance publications and a guest speaker at many state association conventions. He can be reached at 1-800-270-7044, targetcoding.com or drkotlar@targetcoding.com.