HIPAA Compliant Communications: How SaaS Companies in Healthcare Can Manage PHI

Tim McLain

Do you have questions about whether your health-related communications are HIPAA compliant? Certainly, failure to comply with the rules of the Health Insurance Portability and Accountability Act can have severe consequences, both from the government and from the loss of patient trust.

So it’s important to make sure your procedures and technology fulfill the requirements of this law. Here are some of the important things you’ll need to keep in mind.

Avoid Sharing Personal Information Unnecessarily

One of the easiest ways to stay in compliance is to ensure that you and your staff don’t share personal health information (PHI) unless you are able to verify the identity of the person to which you’re talking. This is especially important when leaving messages if you are unable to contact the patient or authorized representative. Make sure your staff knows they shouldn’t leave any PHI on voicemail or send any through SMS. When onboarding new staff, consider providing scripts or checklists to guide staff in what they can share on a message and what they should avoid sharing.

Double-Check Contact Information

When contacting a patient or sending PHI through electronic means, ensure that you double-check the contact information to prevent accidental disclosure of PHI to unauthorized recipients. An example is a case of a physician’s office that accidentally disclosed a patient’s HIV status to an employer when they meant to send those health records to a new health care provider. Even small mistakes with PHI can have large effects on patients.

Create Device Policies That Ensure PHI Safety

When employees use mobile devices to share PHI, ensure that any PHI is removed from the device before it is shared with another user. This policy has become more critical now that many doctor visits and check-ins are happening by telehealth on mobile devices. You’ll want to ensure that any logs or recordings are removed or turned off so that your devices aren’t at risk of HIPAA violations.

Ensure Your SaaS Vendors Comply as Well

Although voice and messaging platforms like thinQ by Commio™ are HIPAA compliant because they don’t store any information – they are considered conduits and excluded from HIPAA rules – some of the communication vendors you are using may need to fully comply with these rules. You can remain in compliance by asking your vendors to sign a business associate agreement (BAA) certifying that they comply with the security, privacy, and breach notification rules within HIPAA. Depending on your own procedures, you may require your vendors to re-certify those BAAs or verify that they qualify for a conduit exception on a periodic basis.

How Commio Remains HIPAA Compliant

Because Commio only passes information through and never stores it, we are covered under the conduit exception. That means you remain HIPAA compliant when you integrate thinQ into your communication system.

Benefits of Commio for Healthcare

In addition to staying HIPAA compliant, thinQ by Commio™ offers many SaaS businesses in healthcare and providers substantial cost savings, full transparency for voice and text communications, and fast and easy implementation. Read more in our case study.

If you’re ready to see how thinQ can benefit your SaaS platform or healthcare organization, contact us now to schedule a 15-minute demo.

Date posted: March 10, 2021

Topic: CPaaS   Intelligent Call Routing   Outbound  

Tags: BAA   Compliance   CPaaS   E911   Healthcare   HIPAA   PHI   Telecom   VoIP  

Tim McLain

A passionate technologist at heart with more than 25 years of marketing experience, Tim loves using technology to help businesses solve problems and grow their bottom line. Tim is happiest brainstorming new approaches to marketing and communications to help Commio's partners better understand, trust, and embrace our cloud communications solutions. In his spare time, he loves shooting and editing video, riding long distances on North Carolina’s amazing bike trails, and enjoying the darkest craft beer he can find.

Recent posts from Tim McLain

Get the latest from Commio

We’ll send you one email a month featuring our latest blog content.