A doctor is making her hospital rounds when she receives a text message from her office. The message is simple: “Call patient John Smith at (555) 123-4567 about the results of his latest lymphoma tests.” A colleague notices this and cautions that sending such messages is a HIPAA violation. The doctor is caught off guard; she wasn’t aware of any violation.
HIPAA regulations are very complex, and if you’re a VAR specializing in the healthcare market, there’s a good chance your customers have gaps in their data security when it comes to the communications and collaboration tools they use daily. The technology they use must meet HIPAA requirements.
A big part of these requirements has to do with encryption. Whenever electronic protected health information (ePHI) is passed from one person or system to another—or stored—the data must be encrypted. This applies to email, text messages and instant messaging.
Of course, email is probably the most ubiquitous communication tool. Many organizations aren’t using encrypted email. If you’re a VAR with healthcare clients, email is probably the lowest-hanging fruit for you and the easiest conversation to start regarding the overall security and encryption level of communications.
Another important aspect of HIPAA requirements has to do with information storage. Healthcare organizations with multiple offices often store ePHI in data centers accessible by all offices. Not only is it important to ensure that the data is secure, it’s imperative to have backups. These backups must also be encrypted and secured. Also, if data is removed, it needs to be properly and permanently destroyed, not just deleted. If you currently use a cloud backup provider, make sure you ask about security measures as they relate to HIPAA compliance. Finally, it’s a best practice to ensure that voice traffic itself is secure using end-to-end encryption.
In the end, your best bet as you evaluate communications solutions is to ask your Ingram Micro rep if the solutions you use or are interested in have the necessary encryption features to address HIPAA compliance. Additionally, many vendors will strongly tout their HIPAA compliance and be able to provide a business associate agreement if they’ve achieved it. In fact, today, there are purpose-built solutions specifically for the medical industry that are HIPAA compliant and take into account the many specific requirements of HIPAA regulations.
Your healthcare customers are most likely using some combination of electronic communication methods, and there are sure to be some gaps in security. By offering the latest HIPAA-compliant collaboration tools available to your healthcare customers, you can ensure that any ePHI is encrypted and is transmitted and stored securely and redundantly.