BYOD – Are You Prepared to Join the Healthcare Party?

By Bob Brittan

Before we get into BYOD (Bring Your Own Device), let’s briefly mention HIPAA, the Health Information Portability and Accountability Act. This federal regulation protects the privacy of individually identifiable health information, and for our purposes, the HIPAA Security Rule covers electronic-protected health information (ePHI), which sets national standards for the security of electronically shared health information. Huge fines have been levied for “woeful neglect” of health data breaches from state attorney general lawsuits to civil action lawsuits, with average fines of up to $50,000 per violation. Aside from the damage done to your brand, this causes a major disruption to business operations.

As an outsourcing healthcare call center or answering service provider, you may have signed a Business Associate Agreement (BAA). This is required for organizations or people working with or providing services to a covered entity that handles or discloses ePHI or Personal Health Records (PHR). Examples of business associates include call centers, answering services, and hosted solution providers that work with covered entities, such as hospitals, doctors, and other organizations that access health records.

Does your call center or answering service have to be HIPAA-compliant? The answer is a resounding yes if you operate within the healthcare industry. Without oversimplifying the seriousness of compliance, you are required to establish a culture of compliance with policies, procedures, and tracking firmly in place in case of a data breach and a resulting audit.

So let’s get this party started and talk about BYOD and why it’s giving some teleservices providers a hangover. It seems everyone has a smartphone these days. Busy doctors and healthcare professionals like to use just one device for all their electronic interactions, including texts that contain highly confidential patient information. To make matters even more difficult for some, alpha paging and numeric paging are not HIPAA-compliant. Is there any technology to safely and securely notify healthcare professionals of patient information and be fully compliant with HIPAA?

Like all of us, doctors and healthcare professionals want easy access to their messages. However, it’s no secret that people are usually the weak link in data security, often looking for a time-saving shortcut. Healthcare workers have unusually stressful jobs dealing with one emergency after another, and they don’t always adhere to – or want to – follow established security protocols. Is there a way to offer both secure messaging and content delivery over any type of device (BYOD) a healthcare worker prefers to use as their primary communications tool?

The answer again is yes. Technology available today enables smartphones to become secure two-way messaging and content delivery systems, fully compliant with HIPAA regulations. This is good news for doctors who may still carry a pager: the end-user avoids calling the teleservice operator for costly, verbal messages. This is a win-win, cost-effective, and timesaving benefit for the end-user and the provider who both can reduce resources and expenses.

The safe way to ensure data privacy and security is to obtain a specific smartphone application that is purposely designed to be HIPAA-compliant. Most are cloud-based services for proper storage and treatment of all messages and utilize data encryption (SSL) and other security measures as defined by ePHI and HIPAA. A shortcut PIN (or full user-ID and password) must be entered before each message can be accessed (great for security and audit purposes), and ideally no messages are ever stored on the smartphone – another benefit in case the phone is stolen or misplaced. Once viewed, a record that the message was read and responded to is securely logged, creating a beneficial audit trail.

HIPAA-compliance requirements are much more detailed than this column can cover. If you are searching for, or already have a secure messaging system, verify that the vendor solution is HIPAA-compliant, and have that BAA ready. Secure BYOD is changing the way people interact, as they search for even faster, more convenient access to important and private information through secure messaging. A balanced approach to understanding federal regulations, technical security, and procedures for safe, secure message transmission will enable you to create and accommodate successful, secure, BYOD strategies for utilizing secure message and content delivery for the healthcare party.

Bob Brittan is the marketing director at OnviSource, Inc. and has more than twenty years of experience in best practices consulting for emerging technologies and contact centers, with a focus on front and back-office optimization and automation.

[From Connection Magazine Sep/Oct 2014]