If you conduct any business online, especially a healthcare practice, you know how important it is to have well-considered security measures in place. Not just because HIPAA requires them, but because security is crucial to your own peace of mind, to your clients' peace of mind, and to the integrity of your practice. However, managing a highly functional, efficient practice is important as well. Is it possible to have both security and functionality for your practice?
The answer is yes. In fact, security and functionality are intrinsically linked. The most secure way of doing something can also be the most functional, as long as you keep several guidelines in place. Here’s how you can assure yourself and your clients of a secure and functional practice.
One very good example of how security and functionality can not just coexist but support one another is a secure contact form on your website. As we’ve discussed before on our blog, many therapists use a typical web form that isn’t secure on their website and do their best to limit the sensitive information that comes through it by asking for only the basics – name, phone number, and maybe a brief comment in a limited text field.
This is unfortunate for two reasons. Although the therapists are attempting to do the right thing by limiting the information that’s sent unsecured, from a HIPAA standpoint, even a name and phone number sent through a form that isn’t secure can be considered a violation. Additionally, it would be more beneficial for the therapist to be able to collect more information on the contact form. The more you know about your potential clients, the better you can identify those who are the best fit for your practice. A secure contact form alleviates the need to reduce the sensitivity of the information you collect, making the information more useful. This is a case of security directly improving efficiency.
A secure contact form also establishes trust with clients from the very beginning and, overall, optimizes and simplifies the intake process.
There is a balance that must be maintained between security and functionality. Too much of one or the other and the balance is thrown off, which is detrimental to your practice. Here are the ingredients to maintain equanimity between the two. You might find you need to tweak a few to get the perfect combination for your practice, but this is a very good place to start.
A Business Associate Agreement (BAA) is a signed document that affirms a third-party service provider's willingness to accept responsibility for the safety of your clients' PHI, maintain appropriate safeguards, and comply with HIPAA requirements when they handle PHI on your behalf. Having one of these on file for every third-party service you use, such as your billing service, email service, and online fax service, to name a few, goes a long way toward ensuring your HIPAA compliance. Not all services offer a BAA, and some charge a great deal for one (see more about that below), so make sure you understand exactly what is offered and choose your services accordingly.
If a service provides you with a BAA, most likely they’re using some sort of encryption. TLS is the widely used cryptographic protocol that secures messages in transit only. Some services, such as Hushmail, also use OpenPGP encryption, which secures messages both in transit and in storage, providing greater security than TLS alone. By using both of these encryption methods, you can be confident that your client conversations will remain private.
Not all services provide encryption in storage, however, so this will have to be a decision you make by weighing security (how much you need to be comfortable) against functionality (ease of use and affordability).
You might also want to consider adding a few extra security features if you feel you can do so without compromising functionality.
There are several things you’ll want to require for your practice to ensure its functionality and efficiency coexist with your security measures.
When you shop around for secure services, you’ll find that there is a wide range of prices. Many services charge extra for a BAA, for example, and in some cases quite a bit extra. Others recognize that this document, and the acknowledgement and acceptance of responsibility it represents, doesn’t have to command such a high premium. Hushmail includes a BAA with all Hushmail for Healthcare plans, which start at $11.99/month.
Services have to be convenient for both you and your clients to use. What this means will differ according to the service. One example is Hushmail email, which remains secure even if your client doesn’t have a Hushmail account. Instead, they’re directed to a secure message center that, once they establish a password, they can use for the duration of your relationship.
Also, for in-person practices, be sure to pay attention to the privacy of your patients from the moment they walk in your door. For example, when your patients check in, having them write their name in a paper logbook (which is easily scanned by other wandering eyes) or say their name out loud to a receptionist can be uncomfortable. Instead, consider a digital visitor system that allows for discreet check-in and provider notification.
It’s a good idea to look closely at the extra features that are included with a secure service. Practice management software, such as TheraPlatform, might also include telehealth. And Hushmail isn’t just a secure email service; it also provides secure, customizable web forms and e-signatures, among other useful features such as aliases and Hushmail for iPhone.
Fast, efficient customer care is perhaps the most important requirement from a functionality standpoint. When problems come up, it needs to be easy for you to make contact and get an answer quickly. At Hushmail, we’ve made prompt, reliable, and pleasant Customer Care experiences a priority, and we’ve found that it makes all the difference in helping our customers get the most out of their accounts.
Security and functionality are intrinsically linked. The most secure way of doing something can also be the most functional, as long as you keep several guidelines in place. Make sure you have BAAs on file for third-party services and subscribe to services that use encryption. Then shop for services that are affordable, convenient for you and your clients, and offer great Customer Care.