Whether you use the telephone, email, telehealth video platforms, or text messaging to communicate with patients, it may be helpful to consider how HIPAA-compliant communications differ. Understanding how HIPAA rules differ for each communication tool is essential. Learn best practices for HIPAA compliance and how to avoid common communication errors in healthcare.
HIPAA Compliant Communication Best Practices
In healthcare, every communication method used (such as telephone, email, telehealth, or text messaging) must comply with HIPAA rules and regulations. Certain communication tools require written patient consent before use, while others require a signed business associate agreement. See TBHI’s previous article HIPAA Business Associates and How to Choose the Right HIPAA Business Associate Vendor for more information.
How can different tools be used for HIPAA-compliant communication?
- Telephone: written patient consent is required before communicating with a patient over the telephone. In addition, limiting the information offered in the message is crucial when leaving a voicemail. See Mobile Device Security and HIPAA Compliance and What is HIPAA Compliant Voicemail.
- Email: while communicating with patients through email is not recommended, it is permitted with written patient consent that is signed before the email exchange takes place. During informed consent, the provider must warn the patient of the cybersecurity risks associated with email. If that timing is not strictly followed, healthcare providers must use an encrypted email service that will include a signed Business Associate Agreement (BAA). See TBHI’s previous article HIPAA Compliant Email for Therapists and What is HIPAA Compliant Email? for more information.
- Telehealth: conducting telehealth appointments has become a popular form of patient communication. Not all telehealth tools are created equal. Some offer HIPAA-compliant telehealth services, while others do not. HIPAA-compliant telehealth tools are secure and will sign a BAA.
- Text message: traditional text messaging platforms are not HIPAA compliant, as they lack the protections needed to secure protected health information (PHI). However, some healthcare texting platforms can be used for HIPAA-compliant texting.
Before disclosing PHI through any of these tools, confirming a patient’s contact information (mailing address, email, phone number) is essential.
Common Communication Errors in Healthcare
Knowing what not to do is just as important as learning what to do. Common communication errors in healthcare include:
- Failing to receive patient consent before delivering professional services
- Using a communication tool that is not HIPAA compliant
- Using a communication tool incorrectly
- Disclosing patient information to an unauthorized individual
- Failing to share records in a timely manner upon patient request
This Article is Contributed by the HIPAA Compliancy Group