Two reasons to rethink using email in your dental practice

November 13, 2013

Privacy issues are of increased concern when sharing patient records between specialists, dentists, and laboratories. Multiple regulations, including HIPAA, HITECH, and their Canadian equivalent PIPEDA, have established very specific guidelines for the handling of patient information. The concept of keeping patient information private is not new.

However, the amount of information being transmitted electronically between offices is at an all-time high. Electronic transmission of patient information, while clearly valuable, creates multiple opportunities for potential loss of sensitive data. Keeping your practice compliant should NOT be overwhelming. New innovations, developed in response to these challenges, make compliance convenient and efficient.

Confidentiality is at the heart of patient trust. No practitioner needs to be convinced to keep patient information private and all patient data tightly held. Yet, as electronic transmission is replacing traditional methods of information exchange, new regulations are setting standards for electronic information security that extend doctor-patient confidentiality into the electronic world.

Fines have been levied against practices for failing to take steps to safeguard Protected Health Information (PHI). The U.S. Department of Health and Human Services (HHS) has recently strengthened the privacy and security of PHI under HIPAA with final Omnibus Rules.

“These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates,” said Leon Rodriguez, the Director of the Office for Civil Rights of the Department of Health and Human Services.

While it’s easy to think a random audit will never happen to your practice, a single patient complaint can trigger a review. One such patient complaint in Canada led to a significant fine plus a sanction that prevented the practice from operating for 10 days.

Email is NOT compliant

A significant and recurring violation occurs through using email to transmit PHI. Almost without exception, Outlook, Apple Mail, Gmail, etc., are not compliant with HIPAA, HITECH, or PIPEDA regulations. Further, online storage services (e.g., Dropbox, SkyDrive) also fail to comply with HIPAA standards.

Why? Even if your computer is secure, your message passes through dozens of unknown servers en route to its destination. These “middleman” servers make up the backbone of the Internet and email systems. Apart from the security issue, privacy legislation also requires the ability to audit systems for a detailed log of who was able to view PHI, complete with times and dates.

Email is NOT convenient

Besides lacking security safeguards, email systems do not meet the needs of dental professionals to transmit files between practices and laboratories. High-resolution digital images, 3-D STL files, and DICOM studies are difficult or impossible to email because most provider servers limit attachment sizes to less than 20MB.

This means dental professionals and labs may need to send/receive multiple emails per patient file, if the files can be sent at all. While large-file storage systems such as Dropbox provide an alternative for transmitting large files, the data are stored insecurely and in an unorganized manner. That is, there is usually little referential information included with the files, making long-term storage, retrieval, and management very difficult.

Compliance made convenient

Sending PHI to referral partners securely and in compliance can be convenient when a single system also handles the transmission of larger files. Secure-Mail™, a new technology that simplifies the communication process, enables dentists, specialists, and labs to share private patient information easily and safely. Secure-Mail™ meets or exceeds privacy regulations defined in HIPAA, HITECH, and PIPEDA, as the service was designed specifically to address the necessary safeguards and requirements.

For more information on Secure-Mail, visit www.brightsquid.com.