When dealing with PHI, some of the practices we have always considered secure need to be rethought. Gone are the days of wired phones, fax machines and answering machine. When you send a fax or leave a message today, you can’t be assured of how it’s being delivered.
Let’s start with faxes. Anyone who knows me is aware of the fact that I think faxing medical reports is a practice that needs to go away. My primary reasoning is that I receive faxes through email, which means that any fax sent to me uses the internet. They are transmitted via the internet. They are stored on public servers in the cloud. They are unsecure. What guarantee do you have that the places to which you are sending faxes are using physical fax machines? Even if they are using physical machines, if donor film is being used to do the printing, that donor film needs to be shredded in order to be HIPAA compliant. The safest way to send reports is via some sort of web portal where each individual has to log in with a username and password in order to access the information.
Do you leave patient information in voice mail? If you do, STOP! I also receive voice mail via email. Again, that means that the message you thought was private is now being broadcast to the world over the internet. Even people who still use actual answering machines (if they exist) need to be aware of the security concerns since old messages live on until they are overwritten.
In today’s world of voice over IP (VoIP), most of our communications travel in some way over the internet. I receive terrible interpretations of my voice mails along with a wav or mp3 file so that I can listen to them without having to dial in. I get pictures of my faxes so that I don’t have to print them out. I can handle all of this with my smart phone!
To be thorough without going into the technical aspects of TLS, a way of sending secure email, unless you are using a system that requires the recipient to login, you don’t have secure email. TLS is not a guarantee of security.
When dealing with PHI, give extra thought to how technology could affect security.
No related posts.