‍

Electronic communications (e.g., texting, email, video conferencing and online chat) have become the dominant form of communication today, especially during the COVID-19  pandemic where virtual care solutions have grown exponentially. While electronic communication offers many benefits, it also poses risks to the privacy of individuals and to the security of personal/protected health information (PHI). It is important for healthcare providers to be aware of these risks and take appropriate steps to mitigate them before using these technologies in their professional communications between peers and patients. Both patients and providers need to be confident knowing that any sensitive information is handled and stored with strict standards and safeguards to prevent unauthorized access or dissemination.

Best Practices

Here are some points for best practices when using electronic communication tools:

• Ensure encryption whenever possible, particularly when PHI is involved. Always check the encryption standards of any platform that is used (usually easily found on the company website and product specifications)
• Avoid unsecured public networks.
• All systems, applications, and devices should be behind a firewall with anti-virus/malware software installed.
• Install only on devices that are secure and running latest versions of the operating systems as outdated versions may have security vulnerabilities
• Ensure there is a PIN lock, password and biometrics where available
• Use strong passwords (e.g. longer passwords that use a combination of numbers, letters, cases, and special characters).
• Do not reuse passwords.
• Do not share passwords.
• Validate the recipient’s identity before sharing PHI.

When choosing a new healthcare electronic communication solution, the following are some key questions to consider:  

• What privacy and security measures have been built into their software?
• Is the PHI protected (e.g. encrypted) in transit (during transmission) and at rest (in storage on servers and devices)?
• Does the vendor keep any information for their own purposes? If so, what information is stored, and how is it used?
• Where are the servers that store PHI located?  The location of the servers are important as data crossing international borders may be subjected to interception due to national security policies

Although most healthcare information privacy laws have similar components, it is important that decision makers understand the local rules and regulations to ensure they are compliant with local policy. When in doubt, consult with your local privacy commissioner or regulatory bodies for advice to prevent headaches down the road.

About Privacy Horizon Inc

Privacy Horizon Inc. (“PHI”) is a data privacy and security service provider for small and medium sized organizations in the healthcare and financial services sectors. Through the PHI Framework™, PHI provides the tools, training, and risk management resources needed to enable organizations to build privacy and security controls into their products and services. Privacy Horizon’s mission is to equip organizations with the infrastructure and capabilities necessary to safeguard the privacy rights of individuals and protect personal information and critical infrastructure from loss or theft, or from unauthorized access, modification, copying, collection, use, disclosure or retention.

About Hypercare

Built by clinicians for clinicians, Hypercare understands the pain points of your workflow that prevents you from providing the high-level care that you want to your patients. We provide smart features to take out some of the mind-numbing tasks in your day so you can better focus your attention and energy.  Hypercare combines clinical messaging and multimedia sharing, robust scheduling platform , automated on-call schedule management, and task lists all in a HIPAA compliant and encrypted platform.

Visit www.hypercare.com to learn why more than 60 healthcare organizations trust Hypercare, and choose us for clinical communication and collaboration.