When one cannot be in the same location as their patient, or when being able to see them is not absolutely necessary, the phone can be the most convenient means of providing certain services. Clinicians’ phones are a key tool for telehealthcare to be able to offer direct patient care and collaborate with staff members.
It is true that phone calls are more commonly used for administrative tasks such as scheduling an appointment and to coordinate care with other clinicians.
Not surprisingly, telehealthcare providers also use the phone as their backup plan for when video conferencing systems fail.
A HIPAA-friendly phone system is critical for telehealth providers.
Obviously, clinicians are more likely to use non-HIPAA-friendly services when they do not have a HIPAA-friendly system provided to them.
Many healthcare organizations allow their clinicians to use their own devices for work purposes. This is called BYOD (Bring-Your-Own-Device). Other organizations manage staff devices by using a Mobile Device Management System. Either way, device policies should be created, staff trained, and implementation enforced to be able to securely store patient health information.
HIPAA-covered entities are responsible for the confidentiality, integrity, and availability of all protected health information. These three requirements of the HIPAA security rule can be compromised when clinicians use their own personal phone services instead of the healthcare organization’s phone system.
To make sure tried and true methods are utilized and blind spots are accounted for, a telehealth consultant is recommended. Outside consultants can help to create proper policies and procedures, manage devices, and train staff.
Texting clinical information via standard SMS or MMS
Often staff within the same organization use texting to quickly and conveniently communicate clinical information. This can create a great risk to confidentiality because regular texting provided by cellular companies is not encrypted in transit. In fact, it is now categorized as an “informational” service rather than a “telecommunication” service.
This change has eliminated some security protections for texting. Texting services provided by software companies often have the text information stored on the companies’ servers, creating the need for a business associate relationship under HIPAA law.
Not only is it important to ensure patient privacy, but obtaining a BAA from a healthcare communication provider is required by HIPAA.
Faxing healthcare information also carries risks
Often fax machines are not in a secure location giving individuals other than the intended recipient unintended access to this information. Internet faxing can reduce this risk by not printing in common areas.
Choosing a phone system that provides an API to integrate with your existing EHR, EMR, or practice management system is important. Communication technology, which can be integrated by the same service provider, is great for efficiency and also more likely to be used by all staff members. RingRx can provide you with all of this functionality.
Using phones and communication tools for telehealthcare purposes is different than for personal use. When providing telehealth services via phone, clinicians ought to be competent in the legal, ethical, technical, and clinical skills of telehealth.
Clinicians should know how to screen for fit, prepare the patient for a session, handle technology issues, respond to emergencies, and communicate effectively over the phone. Telehealth training is recommended for any provider interested in providing services by phone. A telehealth directory for telehealth providers who offer sessions by phone can be found here.