Communication is a vital of part of any people-serving organization, and email is one of the most common ways providers stay in contact with the people they serve, as well as partnering organizations. What some nonprofits don’t know is that the HIPAA Security Rule includes guidelines on using electronic communications to send protected health information (PHI).
One of the most important features of Community CareLink’s case management software is that it gives you the ability to communicate and exchange documents internally and externally using your organization’s current system. You will have one secure system on which you can feel safe and secure doing all of your work.
According to HHS.gov:
The Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control (45 CFR § 164.312(a)), integrity (45 CFR § 164.312(c)(1)), and transmission security (45 CFR § 164.312(e)(1)) require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI. The standard for transmission security (§ 164.312(e)) also includes addressable specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect e-PHI as it is transmitted, select a solution, and document the decision. The Security Rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected. Most health care providers send text messages and emails throughout their day. Unfortunately many are choosing unsecured methods of transmission. If your medical answering service is sending PHI via regular text messages, they should know better. It's bad news for protecting patient data and worse yet, a clear HIPAA violation.
In short, organizations can send PHI electronically but must do so on a secure network. And, while HIPAA allows patients to opt out of receiving encrypted emails, HIPAA-covered organizations must provide a secure option for patients to receive PHI.
Technology can revolutionized the way people-serving nonprofits provide services if it’s done right. This starts with encrypting PHI. Some HIPAA-covered, people-serving nonprofits, particularly ones that don’t have an IT department, don’t even realize they are not in HIPAA compliant.
Our partners can access CCL from any device and communicate with the people they serve secure in the knowledge that PHI is encrypted. By using CCL to communicate they can take the guesswork out of what is PHI and what is not. If all communication goes through CCL, all PHI will be secure.
Contact us to learn more about how CCL can help your organization.