Don’t Use Webmail or Text Messages for Patient Info
Webmail includes the free mail services available on the Internet, like Gmail, Yahoo! Mail, Hotmail, etc. plus free email accounts you may receive with an Internet service from Verizon, Time-Warner, Cox Cable, Comcast, Century-Link, and others. Text messages include the services from cell carriers like Verizon, AT&T, T-Mobile, Sprint, and others.
These services are free and so easy. Why can’t we use them?
Free webmail services are not secure methods of communication. While they may be fine for personal messages, they do not include the security required to communicate protected information, including medical records and lab and test results. Even email messages you send to someone else in your office goes outside to the free webmail service and then back. Text messages are never deleted by the cell phone carriers. The recent scandals involving the media prove that text messages can be hacked. The companies that offer these services typically will not sign Business Associate Agreements required for any organization that stores patient information, including any messages or attachments containing Protected Health Information (PHI.)
What happens if we use webmail or text messages to communicate patient information?
In 2012 a small medical practice was using webmail to communicate patient information. They were also using an online calendar to schedule patient appointments. The practice was fined $ 100,000 and had to pay for notification costs for patients whose data was breached. It also had to implement secure communications and undergo a Corrective Action Plan to address their underlying lack of HIPAA compliance.
So what should we do?
First you should immediately stop sending patient information by webmail or text messages.
It is less expensive and easier now than ever to implement a Cloud-based secure email system for communicating within your practice. Communicating patient information to anyone outside of your practice should be done using email encryption. Cloud-based solutions like Exchange Shield provide secure email, including shared contacts and calendars, for a low monthly fee per user. An added benefit is you don’t have to purchase servers. Best of all, Worry Free Solutions will sign a Business Associate Agreement.
Text messages should be replaced by voice calls as long as any voice message you leave is not converted to an email or text message through an unsecure service.
Contact Us About HIPAA Compliant Email Solutions