Ten HIPAA compliant commandments every healthcare provider should know


Written by Orlee Berlove, Director of Marketing at OnPage

OnPage has many answering services as clients.

They are often hired by doctors’ offices to take messages after hours or during office breaks. When these answering services use OnPage or Paubox, they can send important patient messages in an encrypted and HIPAA compliant manner.

Last week, however, one of our customers – let’s call him Joe – mentioned that some of the hospitals and clinics his answering service works with requested that he send text messages or emails containing the names and phone numbers of patients who had called in.

Despite Joe’s argument that their request was forcing him to violate HIPAA regulations, Joe’s clients were not persuaded.

HIPAA compliance and the Business Associate

You might wonder why Joe is required to comply with the exigencies of HIPAA compliant messaging, since his business is an answering service, not a doctor’s office. However, since Joe’s company was hired by a hospital, it is considered a “business associate” (BA).

According to HIPAA, a “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

But what happens when a BA is asked by the clinic or hospital that hires it to send plain, unencrypted messages to doctors or nurses that contain patient names, phone numbers and ailments?

In this case, both the doctors’ office and the BA would be liable for a HIPAA violation. Since answering services are granted access to patient information when patients disclose the medical concerns that prompt them to call, the answering services are required to follow HIPAA statutes.

The HITECH Act, signed in 2009, requires HIPAA covered entities and business associates to provide notification of breaches of “unsecured protected health information”. They cannot send unencrypted emails containing PHI, nor can they send unencrypted text messages containing PHI such as a patient’s name and phone number to a doctor’s office.

Keeping it legal

There are significant reasons for the doctor’s office to be concerned about the activities of its business associate. Since answering services are business associates of a physician’s office, a number of federal obligations under the Omnibus Final Rule and other HIPAA regulations apply. There is clear potential for civil and criminal penalties if there is a violation, such as sending unencrypted emails or text messages.

Ten Commandments

Keeping all the requirements of HIPAA straight can be confusing at times, so I thought to clarify them through the following ten commandments:

  • In exchanging patient information, you will remember HIPAA and maintain the importance of protecting your patients’ privacy
  • Thou shall not put a patient’s name in communications that are not HIPAA compliant
  • Thou shall not put a patient’s phone number in communications that are not HIPAA compliant
  • Thou shall not exchange patient information through emails which are not HIPAA compliant
  • Thou shall not exchange patient information through text messages which are not HIPAA compliant
  • Thou shall only use encrypted forms of communication for exchanging patient information
  • Nor shall you ask a business associate to send unencrypted patient information on your behalf
  • Thou will educate your employees on the requirements of HIPAA regulations and what HIPAA requires of them
  • Thou will ask questions if you have concerns or are unclear on implementation
  • Thou shall stay abreast of HIPAA updates and requirements

Keep it clean

Business associates and the covered entities they work for are clearly liable if either is found to exchange patient information in an unsecured manner. However, by learning and following the ten commandments of HIPAA, both BAs and the offices they work for will be in better standing.
