When President Obama came into office, there was quite an uproar about whether he'd continue to be able to use a smartphone for his communications. Eventually, a lab was established where experts worked for months to create a secure smartphone for the president to use and he's now often seen typing away on his device -- called "Blackberry One."

Of course, the president's security needs are a little greater than the average person's. But with 67% of nurses using their smartphones to support clinical communications and workflow, many BYOD issues are arising for institutions, and many medical providers are using smartphones for telemedicine and other uses. So, many people have wondered:

If the president wasn't cleared to use an off-the-shelf iPhone, Android, or Blackberry, is any smartphone actually HIPAA secure for medical uses?

The short answer is yes, but only if you use the devices in certain ways. Using a smartphone, like an iPhone, to make a call or send text messages may not be secure. That's why the president couldn't use it. Further, as we know, email is never HIPAA secure, much less on a smartphone.

However, logging into an app like iClickCare on your smartphone, Android, or iPhone is actually HIPAA secure. You're absolutely HIPAA safe and protecting PHI (protected health information), including patient data, pictures and videos of the patient, and collaborations with other medical professionals, if: 

1. Data is NOT stored locally on the device
2. The company that makes the app promises HIPAA compliance and does rigorous and constant checking of that HIPAA compliance.

So, yes -- use technology to care for your patients. Just be smart about using the right technology for the right use.

Curious what everyone means when they talk about Hybrid Store and Forward Telemedicine as the best way to collaborate in a HIPAA safe way? Get our free guide here: 

 

Many people have been hearing telemedicine success stories and want to start using using technology to collaborate and connect with providers and patients.

Most folks use telemedicine to improve patient care and maybe make their lives as providers a little easier. However, those motives don't get around the fact that we all need to be paid for the work we do.

Reimbursement for telemedicine is a crucial part of making the practice sustainable. But it's not always easy to know how to make that possible when the political climate and reimbursement policies are constantly changing.

So here are 4 tips and resources to make sure you're paid for telemedicine:

1. Just do it and worry about reimbursement later. Many of our colleagues have found that when they put collaboration and patient care first, the reimbursement ends up taking care of itself. So pay attention to reimbursement -- but if in doubt, just go ahead and care for the patient or collaborate with telemedicine and let the details sort themselves out later.
2. Use the right codes. We've assembled a list of codes you can use to bill for telemedicine-related time. This is always changing, but keeping an eye on the right codes increases reimbursement significantly.
3. Make sure you're billing for everything you can. Many providers don't know that in addition to patient-related time with telemedicine, you can also bill for time spent collaborating, and even charge a remote site facility fee. 
4. Be smart about pre-authorizations. Always check if the patient’s insurance company needs a prior authorization. If so, text the pre-authorization information and patient insurance plan to the consultant.

 

Need guidance on telemedicine options? Get our guide for free:

 

 

Image courtesy of 68751915@N05 on flickr.com, used under Creative Commons rights.

An important deadline is coming up. By 9/23/13, healthcare providers need to come into compliance with the final HIPAA rule. Because our iClickCare hybrid store and forward collaboration system was developed with HIPAA in mind, we want to share some time-saving experience with you. This week, we're covering 3 aspects of the deadline. Monday was overall background; Wednesday was about steps to get in compliance; Today we're discussing HIPAA and telemedicine.

As we wrap up our week of posts addressing the final HIPAA rule deadline, we wanted help you understand how telemedicine fits in with the world of HIPAA.

So, a roundup of our most popoular posts on telemedicine and HIPAA: 

• HIPAA violations and penalties. Your colleagues may be emailing about patients, but they're not doing it without risk. Just because you're ignoring the rules, doesn't mean they don't exist. 
• What if you lose your phone? Telemedicine security and HIPAA for the forgetful folks.
• 3 ways to keep patient communication safe from HIPAA. It can be equally easy to communicate with patients in ways that are HIPAA-safe -- it just takes a little knowledge and planning.
• A review of the HIPAA Omnibus Rule. Some key points to keep in mind, whether in relation to telemedicine, or just as you come into compliance this week. 
• Repeat after us: email is not HIPAA-secure. That's why we invented ClickCare, after all. But if you're going to be emailing, use this guide to work out the settings. 

Now, what: 
We've created a tool that reduces the 492 official HIPAA compliance questions to only 32, while still meeting the HIPAA standards. You will eventually need more work in this area, but this is a start. Of course, be aware that we are not lawyers, you shouldn't take action on information in this post alone, and we do not represent the government.

Click below for a quick-and-easy version of an assessment to help you come into HIPAA compliance. 

An important deadline is coming up. By 9/23/13, healthcare providers need to come into compliance with the final HIPAA rule. Because our iClickCare hybrid store and forward collaboration system was developed with HIPAA in mind, we want to share some time-saving experience with you. This week, we're covering 3 aspects of the deadline. Monday was overall background; Today we're talking about steps to get in compliance; Friday we're discussing HIPAA and telemedicine.

Why should you care and comply with HIPAA, HITECH and the Omnibus Reconciliation 2013 bill? 

1. You are a health care professional.
2. It’s the law (read: you'll pay if you don't "care.") 

The Office of Civil Rights of the Department of Health and Human Services summarized the 500+ pages of the Omnibus Rule as including the following final modifications:

• Make Business Associates of Covered Entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.
• Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.
• Expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
• Require modifications to, and redistribution of, a Covered Entity's notice of privacy practices.
• Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to information by family members or others.
• Increased and tiered civil money penalty structure provided by the HITECH Act.
• Replacement of the breach notification rule's "harm" threshold with a more objective standard. [Our note: Previously, a breach had to reported if there was a “risk of harm." The Omnibus Rule requires any breach to be reported.]
• Prohibition of most health plans using or disclosing genetic information for underwriting purposes.

In service of becoming compliant, a risk assessment of your practice is required. There are five safeguards that need to be assessed:

• Administrative
• Physical
• Technical
• Organizational
• Policy and Procedures and Documentation Requirements

Now, what: 
This assessment can be done by you but the findings of the assessment and the plan of action must be documented and the assessments need to be ongoing. We've created a tool that reduces the 492 compliance questions to only 32, while still meeting the HIPAA standards. You will eventually need more work in this area, but this is a start. Of course, be aware that we are not lawyers, you shouldn't take action on information in this post alone, and we do not represent the government.

 

Click below for a quick-and-easy version of the assessment and come into HIPAA compliance. 

An important deadline is coming up. By 9/23/13, healthcare providers need to come into compliance with the final HIPAA rule. Because our iClickCare hybrid store and forward collaboration system was developed with HIPAA in mind, we want to share some time-saving experience with you. This week, we're covering 3 aspects of the deadline. Today is overall background; Wednesday we're talking about steps to get in compliance; Friday we're discussing HIPAA and telemedicine.

Healthcare providers have a way of focusing on the "now." There's always another patient to see -- and future deadlines can slip. Plus, truth be told, we get tired of the endless regulatory hoops to jump through.

That said, it's crucial to understand our regulatory context, and the time to avoid expensive and difficult violations penalties is now. After the background below, jump to the button at the end of the post to start the assessment process immediately and quickly, without expensive consultants. 

Some background on this September 23rd HIPAA deadline: 

HIPAA
In the mid-90s, the internet bubble was expanding and the world wide web was born. Amid all that connection, concerns about privacy and insurance arose, and in 1996, HIPAA was passed: the Health Information Portability and Accountability Act. In exchange for the ability to transfer, access to continuing health insurance, and healthcare fraud monitoring, the act mandates processes to protect health information. It controls more than digital electronic information, however: it controls paper charts, locks on doors and conversations as well.

HITECH
HITECH is the acronym for Health Information Technology of Economic and Clinical Health Act. It is part of the American Recovery and Reinvestment Act of 2009 and stipulates that healthcare providers be offered financial incentives for demonstrating meaningful use of electronic health records. It also provides for penalties for not using them and increases fines and jail terms for disclosure of health information.

The 9/23 Deadline
Since the passing of HIPAA in 1996, rules and revisions have been added to clarify and add to the regulations. Most recently, in January of this year, the HIPAA "final rule" -- the 2013 Omnibus -- was released. Part of that release was a mandate that all healthcare providers covered under HIPAA must come into compliance -- typically involving an assessment. There are 492 questions that comprise the rule's components, though-- a daunting asessment for any practice.

The quick and easy way
We've created a tool that reduces the 492 compliance questions to only 32, while still meeting the HIPAA standards. You will eventually need more work in this area, but this is a start. Of course, be aware that we are not lawyers, you shouldn't take action on information in this post alone, and we do not represent the government.

Click below for a quick-and-easy version of the assessment and come into HIPAA compliance.