A Healthcare Provider’s Guide to Patient-Centric HIPAA-Compliant Communication

Using HIPAA-Compliant Communication to Improve Patient Satisfaction, Efficiency, and Profits.

The COVID-19 pandemic presented healthcare with unprecedented challenges and brought dramatic changes to the industry. Prior to 2020, only 4% of people over age 50 had any significant experience with telemedicine, but according to a recent poll, that number jumped to 25% in the first three months of the pandemic. At the same time, attitudes toward virtual visits improved, especially among those who experienced them. Difficult constraints have no doubt been the main driver of this rapid adoption of telehealth, as has the emergency HIPAA waiver. This waiver has been essential in enabling various healthcare providers to continue serving their patients, but it’s important to note its limited scope. The waiver applies specifically to areas covered by the public health emergency declaration, and only for hospitals that have implemented their disaster protocols. It is by no means a suspension of the privacy regulation.

It isn’t just about technology — it is about how technology integrates into patient-centric workflows.

While catalyzed by an immensely difficult circumstance, we believe this rapid adoption of telehealth will bring about positive lasting change in the industry. Modern communications technologies have the potential to transform the quality of communication between providers and patients, as well as between providers themselves. Research has repeatedly demonstrated that good communication is a primary driver of patient satisfaction, as well as quality of care and operational efficiency. Press Ganey estimates that a hospital with annual revenue of $120M can realize an additional $2.2M — $5.4M per year just by improving patient satisfaction. With seamless mobile communication a norm in our daily lives, it’s only natural that healthcare providers and patients look to replicate such experiences. Even before the pandemic, 80% of patients wanted to use their smartphones to interact with healthcare providers, according to a global FICO study. Moreover, at their best, communication and clinical collaboration platforms can help providers organize, track, and manage the complex tasks involved in running a practice and delivering care.

As providers begin to embrace these new but long overdue tools, it is important to address potential pitfalls from suboptimal offerings in the marketplace and, most importantly, potential regulatory issues, especially those outlined in HIPAA.

The good news is that there are communications systems that enable organizations to not only meet the stringent demands of patient privacy but to also improve patient satisfaction metrics and win quality awards through measurements like HCAHPS scores along the way.

In Part I, we’ll look at what makes a platform HIPAA-secure. In Part II, we’ll look at how these platforms can be leveraged to drive other beneficial results. The strategies outlined below comply with existing US privacy regulations, including those that will resume after the temporary waiver terminates. When implemented correctly, these strategies will allow you to make quantifiable progress on otherwise nebulous concepts like quality and satisfaction. Our approach emphasizes the following: effective communication and coordination of patient care; convenience for all participants; and high degrees of regulatory compliance.

Part I: Choosing the Right HIPAA-Compliant Communication and Clinical Collaboration Platform.

The biggest challenge for electronic communication in healthcare is the Health Information Portability and Accountability Act (HIPAA). Passed in 1996, HIPAA created a series of national standards governing the handling of Protected Health Information (PHI). HIPAA regulations apply to healthcare providers, health plans, and outside parties that assist in the delivery of healthcare. To be HIPAA-compliant, healthcare providers must implement a series of administrative, procedural, and technological safeguards for protecting patient information. Using a communications platform designed with these regulations in mind can make achieving HIPAA-compliance much easier.

A HIPAA-compliant communications platform should:

1. Provide end-to-end encryption for all communications involving PHI. (Unfortunately, emails and text messages aren’t often encrypted in this way, so using them to discuss PHI may be considered a willful breach of HIPAA. For more details, see “Getting Up, Close & Personal with E2EE”)
2. Employ unique IDs and passwords for each authorized user.
3. Authenticate users upon login.
4. Give you complete control over your data so that you can manage it in accordance with your institution’s standards.

In addition, you should insist that the company you work with sign a BAA. A BAA is a legal agreement between a healthcare provider and contractor or vendor that might have access to or manage PHI. For example, Skyscape’s Buzz clinical communication and collaboration platform provides telehealth and much more. Skyscape always signs BAAs with institutional partners, assuming joint liability for violating HIPAA regulations. BAAs are vital to ensuring that you and your mobile messaging company are aligned in protecting patient information. Thus, it will not be prudent to work with a platform that won’t sign a BAA, and thus not willing to share the responsibility of HIPAA obligations.

Unfortunately, you can take all of these steps to be HIPAA-compliant and still fall victim to a breach. That’s because around half of all HIPAA guideline breaches occur due to internal staff errors or neglect. Thankfully, some communications platforms include features like automatic logouts (which prevent data breaches from lost or stolen phones or computers) and data management tools (which let you adjust who can access or modify PHI).

Yet having a communications platform that’s HIPAA-compliant isn’t enough. Yes, the security of underlying technology is foundationally important, but inconvenient or onerous security protocols can drive otherwise responsible care providers to resort to insecure communication modes. With that in mind, you’ll want to look for interfaces that are easy to use, intuitive, and flexible. Your team will use these types of applications much more dependably, and that matters for your institution’s security and privacy.

Look for a platform that:

• Makes it easy to find, share, and link information across various contexts and chat threads. (Be aware that many platforms limit the number of messages that can be shared, or limit how messages are stored or accessed beyond certain periods, making audits difficult or impossible.)
• Makes it easy to establish, organize, and manage one-on-one conversations, as well as group chats. Some, like Buzz, offer more sophisticated controls over adding and removing group members as you go, and limiting or granting access to PHI to specific group members.
• Integrates with electronic medical records (EMRs).
• Allows you to communicate with third parties when necessary, without prohibitive additional costs. Healthcare is a complex enterprise and requires the coordination of large numbers of people, some of whom work outside your institution. Being able to communicate with these third parties within your HIPAA-compliant platform will streamline care coordination while increasing patient privacy.
• Lets you communicate however you need to — wherever you need to. Look for a platform that works well on all your go-to devices (including phones, tablets, and desktops), and that allows you to communicate however you need to (via text, voice, and video).
• Is easy for your patients to use. Don’t put your patients through confusing sign-up procedures or proprietary app downloads. Look for applications that allow patients to access functions like video chat through ordinary hyperlinks — no downloads required.

Finally, make sure the company you partner with understands your needs and isn’t selling a service that’s awkwardly retrofitted to function within the healthcare space. Platforms that focus on the healthcare space will be better able to adapt to healthcare’s changing demands. Look for a partner with a strong in-house programming department and a responsive customer service team. As a healthcare provider, you strive to provide the best care to your patients. The platform provider needs to be absolutely dedicated to ensuring your success.

Part II: Strategies for Efficient, Secure, and Successful Communication.

Security, privacy, and HIPAA compliance alone are sufficient reasons to adopt mobile messaging platforms, but we’ve found that such platforms also have the potential to transform healthcare for the better in more ways than one. In this section, we’ll walk you through what successful implementation of mobile messaging and clinical collaboration looks like, and highlight some of the key opportunities that mobile messaging and clinical collaboration bring to healthcare.

Adopting these communication and collaboration practices truly transforms care. When providers can quickly and easily access centralized communications about particular patients, they are better informed, better able to answer patient inquiries, and better at avoiding redundant communication between care teams.

Successful platforms go beyond the basics of information exchange. They help streamline information to enable truly collaborative experiences. While in-app chat is a primary function of these communication platforms, some, like Buzz, also enable you to store notes, make dictations, make phone calls, and set up video conferences, set up event reminders, edit EMRs or electronically sign documents, and tag conversations for better recall in future. These functions are synergic and should be treated as such to get the best results.

Organize Communication Around Individual Patients.

We’ve found that organizing conversation groups around particular patients is an excellent way to coordinate care, and allows for some of this synergistic functionality to occur. This organizational strategy is not only great for coordinating care between team members in your institution, but also with third parties involved in your patient’s care.

Centralizing communication about a patient allows you to:

• Post relevant charts and other patient info to one place for quick reference.
• Reference and even update EMRs directly through the platform.
• Schedule events that simultaneously appear in the group chat and on the schedules of invited group members.
• Enable care providers to share comprehensive, real-time patient updates across multiple departments.
• Give third party care providers either limited or comprehensive access to your organization’s communication about the patient. This brings them up to speed immediately, and can seriously improve handoff.
• Create an invaluable record of care for future reference.

In addition to creating groups around patients, we recommend organizing separate purpose-oriented conversation groups around announcements, pandemic updates, marketing initiatives, or other endeavors within your institution. Organizing conversation groups in this way keeps them focused, effective, and manageable. Billing and insurance departments can benefit from these workflow tools as much as clinical staff.

Clearly Assign Roles and Responsibilities

We also recommend adopting standard conventions for assigning responsibilities within groups such as:

• nominating group admins;
• uploading patient summaries or care plans; and
• for naming and forming groups.

Clearly delegating responsibilities will ensure that groups are created and managed in a dependable fashion. Adopting thoughtful standardized naming conventions also seriously helps with searchability and organization.

For example, Buzz provides various tools to make these tasks easy, including templated forms. If your platform lacks these specific functions, we still recommend creating documents outlining these responsibilities and naming conventions. Use an Excel Spreadsheet if you have to.

For some real-world examples of highly functional workflows, delegated responsibilities, and naming conventions, you can check out our Guide to Patient-Centric Communication.

Nominate Administrators and Super Users

We’ve found that institutions have the best success in introducing new practices and technologies when they empower staff to assist in the transition. Some employees are quick to recognize the potential of these tools and can be invaluable in assisting others to recognize the potential too. Make sure that whoever is primarily responsible for the adoption of the new platform within your institution identifies and gets support from these potential allies. At Skyscape, we call these employees “Super Users.”

Admins are just as important as Super Users. While developing Buzz, we’ve created tools that enable you to assign either institution-wide or group-specific administrative privileges to individuals. As previously mentioned, group admins can add or remove individual users to and from particular conversations over time, and can even control whether new members have access to previously posted comments or information.

Don’t be afraid to ask for Your Platform’s Assistance

Finally, remember that there is a staff of experts invested in your successful adoption of their platform. Many communication and collaboration platforms (that include Buzz!) have staff members that are happy to walk you through the process and get the most out of their software. These platforms have experience with organizations across the healthcare space. They’ve seen what works and what doesn’t. Make sure you take advantage of their expertise.

Prior to the pandemic, we would set up our training team to meet with clinicians and administrators in person — nowadays, all such activities are performed remotely.

When you are ready to explore your options and deploy HIPAA- secure Communication and Collaboration platform, please reach out to Skyscape to take advantage of a free suite of features, including unlimited video calling, offered in 2020.

If the unprecedented pace of digital health transformation makes you dizzy, you are not alone! The complexity of the health-tech platforms as well as the increasing burden to secure the exploding data has been driving its participants crazy. With Medpresso Buzz, we are curating the latest trends for you — please visit and do consider subscribing to the newsletter.