HIPAA Compliance and Live Chat
What is HIPAA and how to ensure company compliance
What is HIPAA? It’s not a mammal. We explain. 🦛
A bit of history…
A long, long time ago, in a different century, the world was very different from today. People looked for books in the library catalogs, shopped in brick-and-mortar stores, and had their medical records stored in those color-coded manila folders at the doctors’ offices. But the world was changing. Because of computers. Personal medical records were being digitized and could now be shared if a patient switched doctors or needed their medical information shared.
That is when federal lawmakers initiated what would eventually become the Health Insurance Portability and Accountability Act (HIPAA). One of the goals of the law was to reduce the administrative burden and cost of healthcare by standardizing the electronic transmission of administrative and financial transactions. (SearchHealthIT) In other words, the law put in place standards that protect patients’ records and ensure privacy.
A bit of legal lingo…
So what exactly does HIPAA do when it comes to handling patient information?
Title II: HIPAA Administrative Simplification
Title II directs the U.S. Department of Health and Human Services (HHS) to establish national standards for processing electronic healthcare transactions. It also requires healthcare organizations to implement secure electronic access to health data and to remain in compliance with privacy regulations set by HHS. (SearchHealthIT)
Now, that’s all good, but did HIPAA make the world a better place? The fine folks at Perspectives, an online health information management journal, reviewed the effects of the law on healthcare administration. They came back with mixed reviews, stating that while the law is meant to address “historical carelessness” with sensitive patient information, “HIPAA has created great challenges to health information management professionals regarding the release of patient information. More clarification of the law, standardized instructions, and extensive training of healthcare workers should be addressed.” (NCBI) So while it protects patients’ information, it also creates certain challenges for those handling that information. Either way, the law is here to stay. Patient information has to be handled securely, and that’s all there is to it.
The Dangers of Not Complying (Or what happens to the troublemakers) 😈
HIPAA Violation Penalties
You should really follow the rules. Here’s why.
Handle with Care! What happens if we don’t handle personal information carefully? Well, some people will get pretty upset. And so will our wallets.
“The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Fines will increase with the number of patients and the amount of neglect. Starting with a breach where you didn’t know and, by exercising reasonable diligence, would not have known that you violated a provision. To the other end of the spectrum where a breach is due to negligence and not corrected in 30 days.” (TrueVault)
So, it’s clear – data breaches are bad, bad, bad. And expensive. Look at that!
What can go wrong?
So even with the law in place and precautions taken, data breaches can still occur. How? Due to human errors, unauthorized access, and IT misadventures. See that huge column on the bottom of this graph? “IT incident” is something you definitely do not want.
Not surprisingly, the most sensitive and personal data breaches happen digitally. Email is a big offender. Why? Because many email interfaces do not have safety precautions in place. The data is not secure and is easy to hack and steal.
HIPAA Requirements (Safeguards to employ) 👷
Enough Background! What should we do?
So what ARE the compliance rules? Glad you asked! There are two rules that are important to remember for anyone and everyone handling patient information.
1. HIPAA Privacy Rule – The Privacy Rule requires that providers put safeguards in place to protect their patients’ privacy. The safeguards must shield their PHI. The HIPAA Privacy Rule also sets limits on the disclosure of ePHI. All healthcare providers, vendors, and data centers must comply with the Privacy Rule.
2. HIPAA Security Rule – The Security Rule is a subset of the HIPAA Privacy Rule. It applies to electronic protected health information (ePHI), which must be protected whenever it is created, maintained, received, or used by a covered entity. This rule has technical, physical, and administrative guidelines. It’s a lot of technical information that can get a bit complicated. If you really want to learn all the ins and outs, the fine folks at PhoenixNAP Global IT Services put together a guide you can read. It explains the rule clearly and in great detail.
Protecting PHI In Live Chat Communications (Live Chats are a Whole Different Animal) 💬
Protecting PHI in Live Chat Communications: How to keep it hush-hush and confidential.
As we saw in the pages above, many security leaks happen electronically, especially through email. Live chat is another usual suspect because it often does not have the necessary safety precautions to ensure HIPAA compliance and data security. Unless, like in LiveHelpNow software, your live chat tool has certain precautions in place.
● Ability to force all transmitted information to be 256-bit encrypted; all data must be sent and received over an HTTPS (TLS) channel with 256-bit encryption, never plain HTTP.
● Ability to completely disable print or email chat transcripts functions.
● Ability to disable file transfer functionality.
● Ability to automatically purge all PHI data as soon as the chat conversation is concluded.
● Ability to receive PHI data via secure Webhooks and to then be purged automatically.
● Ability to restrict access to the Live Chat software to certain IP addresses so only agents within your company network are allowed to log in.
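To make the checklist above concrete, here is an added example (hypothetical code written for this page, not LiveHelpNow’s own) of a “HIPAA mode” policy object for a live-chat backend: it flags settings that break the checklist, enforces an agent IP allowlist, refuses transcript export, and purges buffered PHI when the chat ends. The CIDR ranges and sample settings are constructed for illustration.

```python
# Added example (hypothetical), not LiveHelpNow's code: a "HIPAA mode" policy
# for a live-chat backend covering the controls listed above.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ChatPolicy:
    require_tls: bool = True               # force HTTPS/TLS transport
    allow_transcript_export: bool = False  # print / e-mail transcript
    allow_file_transfer: bool = False
    purge_on_close: bool = True            # drop PHI when the chat ends
    agent_ip_allowlist: tuple = ()         # CIDRs agents may log in from

    def violations(self) -> list:
        # Settings that would break the HIPAA-mode checklist.
        checks = [
            (not self.require_tls, "transport is not forced to TLS"),
            (self.allow_transcript_export, "transcript print/e-mail is enabled"),
            (self.allow_file_transfer, "file transfer is enabled"),
            (not self.purge_on_close, "PHI is retained after the chat ends"),
            (not self.agent_ip_allowlist, "agent logins are not restricted by IP"),
        ]
        return [msg for bad, msg in checks if bad]

    def agent_may_login(self, client_ip: str) -> bool:
        # Permit an agent login only from an allow-listed network.
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(cidr, strict=False)
                   for cidr in self.agent_ip_allowlist)


@dataclass
class ChatSession:
    policy: ChatPolicy
    messages: list = field(default_factory=list)

    def export_transcript(self) -> str:
        if not self.policy.allow_transcript_export:
            raise PermissionError("transcript export is disabled")
        return "\n".join(self.messages)

    def close(self) -> int:
        # End the chat; returns how many buffered messages were purged.
        purged = len(self.messages) if self.policy.purge_on_close else 0
        if self.policy.purge_on_close:
            self.messages.clear()
        return purged


# Constructed sample settings: a lax configuration beside the hardened one.
WEAK = ChatPolicy(require_tls=False, allow_transcript_export=True,
                  allow_file_transfer=True, purge_on_close=False)
HARDENED = ChatPolicy(agent_ip_allowlist=("10.20.0.0/16", "192.0.2.0/24"))
```

Running `WEAK.violations()` lists every control the lax setup is missing, while `HARDENED.violations()` is empty.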
Setting Up Secure Forms
It’s really easy, just follow the steps below!
Ability to receive PHI data via secure form upload so the data is not included in/associated with a chat transcript.
More info on Secure Forms for PCI/HIPAA compliant data collection:
To watch an informational video on secure forms, follow the link below: https://www.youtube.com/watch?v=OrfbPTwT3LY&feature=youtu.be