HIPAA 2020: Texting, Emailing, and Personal Devices – New Guidance
Overview:
Join our workshop to understand how you and your organization can employ smartphones, other devices, and email for increased efficiency without leaving your team exposed to preventable risks.
In this webinar, we will:
- Discuss the OCR increase in HIPAA enforcement.
- Review the ways your staff may be using smartphones and email that introduce risk to patients and your organization.
- Consider the best option for a phone service and email provider.
- Explore ways to train staff members who will be using smartphones and other devices for work purposes.
- Cover the essentials you need to include in your HIPAA policy concerning smartphones, other devices, and email.
- Plan an efficient way to implement new training and policy on the use of devices and email throughout your organization.
Why you should attend:
Do you use a phone to schedule or screen patients? Are you checking your work email on your personal cell phone? If you said “yes” to either of these questions, then you need to make sure you’re using your devices in a HIPAA-compliant way. How do you do so?
We will review together the steps you can take to lower your organization’s long-term risk of challenges. Between texting and mobile applications, understanding how to use your smartphone responsibly is necessary for smart healthcare practice with regard to HIPAA.
Areas Covered in the Session:
- Data Sharing
- Business Associate Agreements
- Call Logs and PHI
- Texting and PHI
- BYOD
- VoIP
- Additional Security Measures
- Doctors and Texting
- HIPAA Policy for Cell Phones
Who Will Benefit:
- Practice Managers
- Any Business Associates who work with medical practices or hospitals (Billing Companies, Transcription Companies, IT Companies, Answering Services, Home Health, Coders, Attorneys, etc.)
- MDs and other healthcare providers
- Compliance Director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/Lawyer
- Office Manager
HIPAA 2020: Texting, Emailing, and Personal Devices – New Guidance
- Overview and Introductions
- Objectives
- Terms to remember for healthcare, technology and compliance
- HIPAA violations and enforcement
- Risk assessments for devices and email
- Choosing the right business associates for phone and email service
- Training staff for phone, email and device use
- Developing policies for your organization’s technology needs
- Risk treatment/management planning and quality control
- Documentation and record keeping: devices and email
- Terms to Remember for Healthcare, Technology and Compliance
- HIPAA Violations and Enforcement
- Recent cases with OCR and penalties in the news
- New interpretations of and changes to HIPAA, NIST, and other federal regulations
- Breach Notification Rule
- What is a breach?
- Who can be held responsible to report?
- How to report?
- Who to report to?
- Exceptions
- Next steps
- Risk Assessments
- HIPAA Security Rule excerpts
- NIST sample questions
- In the news
- Implementation of Audit Controls
- In the regulations
- In the news
- Examples of audit controls for technology
- Policies and roles
- Risk Treatment Plans
- HIPAA Security Rule excerpts
- Requirements
- Role delineation
- Key components
- In the news
- Minimum Necessary Requirement
- 45 CFR 164.502(b) and (d)
- In the news
- Scenarios to discuss
- Inventories
- Tracking
- Billing departments
- Business associates
- Risk Assessments for Devices and Email
- Types of Devices
- Inventories
- Policies
- Virtual visits
- Mock audits for technology compliance
- Use of Devices
- Staff
- Patients
- Medical answering service risks
- Fax machine risks
- Choosing the Right Business Associates for Phone and Email Service
- Phone service providers
- Traditional
- Voice over Internet Protocol (VoIP)
- Cost
- User interface
- Interoperability
- Encryption
- BAAs
- Data storage
- International use
- Remote tracking and wiping
- Screenshots
- Integrations
- Contract commitments
- Training Staff for Phone, Email and Device Use
- Content
- ePHI and other terms
- WiFi use
- Passwords
- Sharing devices
- Screen locks
- Lost or stolen devices
- Use of personal devices
- Social media use
- Digital boundaries
- Reporting breaches
- Documentation
- Smartphone applications
- Voicemail
- Texting
- Frequency
- Mode
- Duration
- Documentation
- Policy review
- Developing Policies for Your Organization’s Technology Needs
- Requirements for HIPAA compliance
- Uses
- Content
- Training
- Regulatory binder
- Annual review
- Quality control
- Risk Management Planning
- Inventories for devices
- Policies
- Passwords
- Lost or stolen devices
- Screen locks
- Updating phones and applications
- Open WiFi use
- Bring Your Own Device (BYOD) policies
- Virtual patient visits
- Email disclaimers
- Smartphone applications
- Quality Assurance & Control
- Staff roles
- Policies
- Internal audits
- Document control
- Mystery shoppers
- Focus groups
- Staff shadowing
- Staff and patient surveys
- Reporting
- Documentation and Recordkeeping: Devices and Email
- Patient forms
- Consent form
- Intake
- Privacy policy
- Disclaimers
- Websites
- Social media
- Standard Operating Procedures
- Voicemail scripts
- Templates
- Approved use of texting with patients
- Review with patient during consent
- Train staff
- Oversight
- Approved use of email with patients
- Review with patient during consent
- Train staff
- Oversight
- Approved use of mobile devices
- Review with patient during consent
- Train staff
- Policy
- HR
- Oversight
- BYOD
- Travel policy for patient coverage and virtual visits
- Content
- Considerations
- Train staff
- Inform patients
- Crisis reporting via electronic communication
- Content
- Considerations
- Train staff
- Inform patients