HIPAA Compliance & Enterprise Collaboration: What You Need to Know
by Aware HQ, on 8/6/19 10:00 AM
While the day-to-day work in healthcare is fast-paced and nonstop, many organizations encounter barriers when it comes to sharing information.
Infrequent communication and interactions between medical teams results in a lapse of critical information, often affecting the delivery of quality care.
The Communication Disconnect in Healthcare
In 2005, a study showed that 77% of physicians could not even name the nurse caring for their patient. This disconnect is a problem, and both your employees and patients deserve a more personal, integrated approach to medical care.
Inefficient communication can result in disconnected employees and poor patient experience, ultimately resulting in a less-than-stellar reputation. Inefficient communication between practitioners slows the delivery of care to sick patients. Communicating between administration, specialists and aides creates a web of information that cuts productivity.
The cumulative impact of ineffective communication could cost a patient their well-being—or even their life.
Real Examples of Connected Healthcare Organizations
New collaboration technologies, such as Workplace by Facebook, Yammer and Microsoft Teams, help organizations save money and time when they create a space for real-time information sharing and knowledge access.
Memorial Health System Adopts Workplace by Facebook
Memorial Health System frequently held large staff-wide events and weekly meetings. However, when employees could not attend—for either personal or professional reasons—they found themselves falling behind and out of the loop. After adopting Workplace by Facebook, they were able to save the money and time it took to hold company-wide events and meetings.
St. Luke's University Health Network Adopts Microsoft Teams
St. Luke’s University Health Network adopted Microsoft Teams after recognizing their employees needed a way to securely share information and documents with one another. Reduced time on paperwork and information searching allowed healthcare employees to spend more time doing what they do best: caring for their patients.
HIPAA Compliance & Enterprise Collaboration
Any responsible healthcare organization would ask about HIPAA compliance. And without addressing these concerns and achieving stakeholder alignment, your organization is at risk of compliance and legal penalties.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal regulation that secures patient confidentiality. HIPAA affirms the right that a patient has to their body and the information associated to their private health. HIPAA violations can range from $100 to $50,000 per incident.
Are tools like Workplace by Facebook and Yammer HIPAA compliant?
While mainstream collaboration tools take great measures to protect conversational data from external breach, employees can behave in ways that carry risk of HIPAA violations. For example, without the proper risk management measures in place, it is very easy for medical professional to send a public or private message that contains Protected Health Information.
It is recommended that HIPAA-compliant organizations implement specialized risk solutions to manage disclosure of patient information in the public and private areas of your selected tool.
Healthcare professionals have a responsibility to the medical needs of patients, but also to the privacy and security of their information. Inappropriate use of collaboration tools will open a healthcare provider to HIPAA risk.
Examples of Digital Workplace HIPAA Violations
3 Common HIPAA Violations on Enterprise Collaboration Platforms
- Sharing Private Patient Information
- Misusing File Content and File Types
- Public Inquiries That Violate a Patient's Privacy
1. Sharing Private Patient Information
Patient information is sensitive and unnecessary access to personal data is considered a HIPAA violation. For example, in 2008, 13 hospital workers were fired for looking into Britney Spears health information.
2. Misusing File Content and File Types
Medical records are forbidden from being shared on unsecure networks, and this was the case in a 2016 case that had five physicians pay a six-figure settlement for posting medical procedure dates on a public cloud calendar.
3. Making Public Inquiries That Violate a Patients Privacy
Employees often use collaboration tools to ask colleagues about industry best practices or advice on specific work challenges. This is a great use of the tool, leading to increased knowledge sharing and more effective outcomes. However, without risk management measures in place, the practice can lead to a potential HIPAA violation due to frontline workers who may inadvertently share PHI when simply looking for an answer to general questions.
How to Prevent HIPAA Violations in Workplace or Yammer
It’s important that healthcare organizations pair collaboration tools with a monitoring solution to protect patient information as well as avoid hefty reputation costs.
Prevent HIPAA Privacy Rule Violations in Enterprise Collaboration
The HIPAA Privacy Rule gives patients the right to see medical records or a report of disclosures, request record correction, and submit a written statement of disagreement.
How do I prevent HIPAA Privacy Rule Violations in Workplace or Yammer?
Honor a patient's right to privacy when you prevent unauthorized shares of Protected Health Information (PHI).
Pair tools like Workplace by Facebook and Yammer with a rules-based monitoring solution that automatically surfaces and responds to inappropriate shares in public and private messages.
Prevent HIPAA Security Rule Violations in Enterprise Collaboration
The HIPAA Security Rule requires healthcare providers to protect their patients’ electronic protected health information (ePHI) through the implementation of physical, administrative and technical safeguards.
How do I prevent HIPAA Security Rule Violations in Workplace or Yammer?
Develop a documented community management strategy that details appropriate practices on your Workplace or Yammer environment.
Make sure employees adhere to the policies with an automated community management solution that detects and responds to sensitive information sharing in public and private areas of the tool.
Prevent HIPAA Omnibus Rule Violations in Enterprise Collaboration
The HIPAA Omnibus Rule requires organizations to limit the flow of information inside and outside a private network.
How do I prevent HIPAA Omnibus Rule Violations in Workplace or Yammer?
Leverage an eDiscovery solution that builds a searchable archive of all communications in Workplace or Yammer.
Proactively build an internal process to evaluate the risk factor of potential incidents with a full investigation into conversation context of public or private messages.
Prevent HIPAA Breach Notification Rule Violations in Enterprise Collaboration
The HIPAA Breach Notification Rule requires an issued notification after a breach of unsecured PHI.
How do I prevent HIPAA Breach Notification Rule Violations in Workplace or Yammer?
Pair tools like Workplace by Facebook and Yammer with a rules-based monitoring and eDiscovery solution that surfaces instances of shared PHI in public and private messages.
Develop an internal escalation plan to quickly evaluate the risk factors and determine an appropriate response.
Connect Your Workforce, Protect Your Patients
As a healthcare organization, you are responsible for treating your patient’s and protecting their data.
Pair Aware with your Workplace or Yammer network to manage your risk of HIPAA violations while you embrace the future of work. Schedule a 30-minute introduction call today.
*This article is provided for general informational purposes only, and may not reflect current law in your jurisdiction. No reader should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice.