To find the right solution for your organization, you must understand how and why employees are using messaging and email services.
"You want a solution that's easy to use, and that's within the work environment of whoever is sending the message," Apgar says. Apgar's case in point is Oregon's state-sponsored CareAccord Direct Secure Messaging email service. The service doesn't connect to all EHRs or an organization's email service. Users have to log in through the website to send a message. Busy employees, he points out, particularly clinical staff like physicians, are unlikely to use a service that requires them to go out of their way, making it a poor choice.
Text messaging solutions directed at the healthcare industry were not always common and user friendly. Until about a year ago, there were few mature products on the market for securing text messages, Apgar says. The ones that did provide good security had serious usability limitations as most could only be used to communicate with other people in your network. A specialist, Apgar says, wouldn't have been able to send a quick, secure text to his or her patient's primary care doctor if the doctor was not part of the specialist's organization. Some services, like Tiger Text and HipaaChat, offer a solution to this problem. (See the March 2015 issue of BOH for more information about Tiger Text.) If the sender uses Tiger Text, but the recipient does not, Tiger Text delivers a text message that includes a link to the now encrypted text message. When the recipient clicks the link, the browser on the mobile device opens up to the text message, which is encrypted at a National Institute of Standards and Technology standard 256-bit encryption.
Keep in mind, however, that you have to treat text messaging the same as email. Device security and storage need to be analyzed. Burton warns that some may not realize the text messages on their phones leave traces of data behind.
Apgar agrees. "They don't understand that ultimately the cell phone carrier has servers that back up your texts, and you have it [stored] on your phone," he says.
Q: I work in a behavioral health hospital and am looking for guidance relating to disclosures as part of the Clozapine REMS Program. In order for a patient to fill a prescription for Clozapine at an outside pharmacy (not our on-site pharmacy), the pharmacy is required to have a copy of the patient's latest blood draw (absolute neutrophil count). Is the patient required to sign a release of information for us to be able to send the latest blood draw results, or is sharing the results with the outside pharmacy considered part of the process when the patient is registered in the Clozapine program?
In addition, if the latest lab results contain more information than what is required for the Clozapine prescription to be filled, should we edit the results to only include what is specifically needed by the pharmacy?
A: Releasing this information is considered treatment, so the patient's authorization is not needed. Editing the results report to release only the neutrophil count would be a good practice, if it is reasonable to do that. If not, it would be acceptable to release the complete results containing the neutrophil count, since the minimum necessary requirement does not apply to treatment disclosures.
Editor's note: This question was answered by Mary Brandt. Brandt is a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. She is also an advisory board member for BOH. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Email your HIPAA questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
The 2016 CPT® code update may have been relatively small compared to previous years, but the urinary and genital system sections did receive numerous changes to align them with other sections of the code book.
This month's column is all about data--the importance of providers reporting accurate and complete data, as well as CMS having complete, accurate, and consistent data to compute future payment rates.
