A colleague of mine works in the Appalachian mountains. She's a committed practitioner who works with rolling green hills out the window, cultivates close relationships with every patient, and has a great breadth of skill.
What she does not have nearby is a Diabetes specialist. The closest Diabetologist is in Washington, DC, more than 3 hours away. And whenever a consult is needed, the specialist inevitably wants a long look at the patient files before offering advice. So when my friend in Applachia needs to get a consult and so needs to "share" the patient file with that specialist, she usually does it by driving the 200 miles to his office.
Recently, however, this provider asked me if there is any better way: "Can I upload and share patient files using telemedicine?" The answer is yes. There are certainly ways to use today's technology to safely and efficiently share patient files with colleagues, without running afoul of HIPAA -- or having to drive 3 hours. However, there are some key things to keep in mind so that patient data stays safe and the provider doesn't run into hassles.
How to send patient files without HIPAA headaches:
- If it doesn't promise it is HIPAA-compliant, don't use it. We hear providers talking about using Google Docs, Dropbox, text messaging, email, and even Facebook to send patient information. The problem with every single service in that list? They're not HIPAA-compliant. Stay away from these platforms when it comes to patient data, and only use a medium that promises to keep you, and the patient, safe.
- Consider hybrid store-and-forward telemedicine. Because it is a hybrid store-and-forward model, when you upload a PDF of a patient file to ClickCare (or send questions, pictures, or video), the consulting provider doesn't have to be available on your timeframe. The data will sit there until they're ready to review -- safely -- and you can review their response on your own time as well.
- If you're texting, do it securely. Although regular text messages are not secure and can't be used for patient information, there are secure text messaging services available. So if you don't need to send a full patient file, don't need to include pictures, and don't need to review treatment or teach, secure text messaging can be a good way to go.
- Be skeptical of the "easy way." The two most common ways that providers share patient information are either by driving patient files to other offices or talking about histories and conditions in the elevator. Driving, of course, is a huge time-waster and isn't scalable or sustainable. And it turns out that provider-to-provider conversations in the elevator are actually the most common HIPAA breach. So while we always encourage face-to-face conversations with colleagues -- in the elevator, or elsewhere -- we suggest using those conversations to connect as people... and use the technology available to send the actual patient information.
Looking for more guidance on staying HIPAA-safe?
Image courtesy of stephanieasher on flickr.com, used under Creative Commons rights.