David Wortman

It’s been 18 years since the Health Insurance Portability and Accountability Act of 1996 was signed into law, more than a decade since the initial deadline for covered facilities to comply with the privacy rule, and almost a year since the deadline for everyone – covered entities, business associates and subcontractors – to be in compliance with the Omnibus Final Rule. In that time, HIPAA has entered the national lexicon and the privacy of protected health information (PHI) is axiomatic to the general public.

The risk of failure increases with anything that becomes routine, and one way the Final Rule counters that tendency is by increasing penalties and mandates for enforcement under the Health Information Technology for Economic and Clinical Health Act (HITECH). Even an unknowing violation can now incur fines as much as $50,000 each, and identical violations can climb to $1.5 million per calendar year. Intentional acts may result in criminal charges and even jail time.

And yet, Electronic Medical Records and Health Information Exchanges abound, smartphones and mobile apps proliferate, and increasing amounts of PHI are accessed by ever-growing numbers of individuals with a “need to know.” That’s especially true in long term and post-acute care facilities, where those with a need to know can include everyone from nursing and social services, to chaplains, cooks, transportation drivers, aides, admissions and marketing staff, administrators, even activities staff.

When we at Diagnotes, Inc. – developers of the Diagnotes HIPAA-compliant clinical communication system – first ventured into LTPAC market, it was to work with a multi-state, multi-facility medical services provider, Advanced Healthcare Associates. Like many similar organizations, AHA used to route calls from the nursing and healthcare units it served through a series of voice mailboxes and fax numbers, before it formed a centralized call center. When a facility telephoned the call center with information for the physician, the triage nurses on duty called a specified on-call physician number and spoke with or left a message for whichever physician responded. Contemporaneous hand-written notes and shared-drive documents collected details. AHA executives knew there had to be a better system, more integrated, and less open to unintentional HIPAA violations.

They were right. Diagnotes was able to demonstrate its comprehensive, customizable system that started with the simplest of all HIPAA-compliant vehicles: secure text and voicemail. Those are just the beginning of a system that integrates real-time scheduling, so triage nurses always know what provider is on call, and can access her from any permitted smartphone, tablet or laptop. So it doesn’t matter where the provider is – in her office, on-site at the facility, at dinner with family, or in the car – she is immediately available. ICD codes, EMR information, even lab results, X-rays, and other graphic information are equally at hand, equally secure. And, rather than hand-written notes, the message and the provider’s encounter documentation are completed within the same system, on the same device, with the same security.

We demonstrated clearly that HIPAA compliance can be achieved with 21st century technology created especially for clinical communication.

With the Final Rule in effect, it’s time to focus once again on the basics: HIPAA compliance is key to clinical communication. But secure texting is just the first important piece of what should be a comprehensive, fully-integrated system that brings HIPAA-level security to the entire clinical organization.

David B. Wortman is Chairman, CEO and Co-Founder of Diagnotes, Inc., developer of the Diagnotes® HIPAA-compliant clinical communication system. Available on smartphones, tablets and PCs, Diagnotes gives medical groups the tools to improve communication among providers, patients and staff. For more information, click here.