The HIPAA history
Why is HIPAA secure email even a thing? HIPAA. It comes up in healthcare in literally every other conversation. We all triple-check to make sure we didn’t spell it wrong in our outgoing emails. If someone were to notice, we would immediately lose credibility points among peers.
On the other side, it’s not easy to ignore when someone uses the old “HIPPA” or the less common “HIPPAA Compliance” spellings. We all cringe when we see it, but it’s hard to look away. Needless to say, it is by far the most widely used acronym in healthcare.
A brief history recap for the uninitiated: The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. But that isn’t when the healthcare industry had to start complying with regulations around Protected Health Information (PHI).
That didn’t happen until the Privacy Rule required compliance in 2003. That’s when the glass walls went up in front of receptionists at physician practices and patients started signing HIPAA forms they had never seen before. Practices put together all types of protocols to protect patient health information. While painful at times, it’s been an important transition.
HIPAA secure email
Few people debate the usefulness of email. In fact, 205,000,000,000 emails are sent daily. Yes – it’s mostly spam – but still, that’s a lot of emails!
As for the healthcare industry’s use of email, it’s the primary method of communication. But how secure is it to send sensitive patient information over email? Not secure enough.
Prior to HIPAA’s Privacy Rule, using email to discuss PHI wasn’t putting you at risk for a fine. But now, if you use a system that isn’t HIPAA compliant, you’re putting yourself at risk for a $50,000 fine every time you send PHI.
That’s pretty serious.
How does it work?
So the healthcare industry needed a way to retrofit its email solutions to make them HIPAA compliant. The biggest problem here is that everyone uses a different email platform and environment, and you have to be prepared to send and receive emails to and from anyone.
That’s why HIPAA compliant email is challenging. Most of the products performing this function for hospitals require that an email recipient follow a set of steps to even read the incoming email. This is the set of steps I usually have to take when I’m unfortunate enough to get an email like this.
Step 1: I receive an email that says I have a new message in the HIPAA secure portal. I click a link taking me to a registration page to create my new account to communicate with this specific sender organization.
Step 2: I register with my very own login and password, and now I can see the email that was sent to me.
SO EASY, RIGHT?
Just kidding, here are the things you’ll hate about HIPAA secure email like this:
- Every time you log in, you have to remember your username and password.
- You get booted out in the middle of writing a massive email you’ve spent a lot of time on, only to have to write it all over again.
- You can only use each of these secure email accounts to communicate with one organization. Each organization has its own.
- When you want to write someone an email and didn’t bookmark the URL, good luck finding it.
- It’s almost impossible to CC: someone outside of that organization, which makes projects with multiple vendors tough.
- It’s an additional 5+ steps every time you want to write or read an email.
So, while it’s important to understand the value of compliance around the communication of personal health information, it’s also important to recognize the additional burden of these types of systems. And when you add that much complexity to a workflow, people tend to fall back on what’s easier, even if it violates the HIPAA email strategy.
While texting isn’t necessarily the best medium for all types of communication, it works flawlessly for many conversations. With an app-based HIPAA secure texting solution, you can eliminate all the extra steps and get straight to communicating securely.