Most of us may not think twice before using a cell phone to make a quick call for work or message a co-worker. Unfortunately, healthcare professionals in the United States do not have the same flexibility when communicating with their patients. The primary reason is to comply with privacy and security regulations protecting information about a patient's health. Also, many physicians do not like to share their personal phone numbers with patients due to privacy concerns. But patient demand for more responsive communication, including text messaging to and from their healthcare providers, is on the rise. Can healthcare professionals use a cell phone to communicate with patients without compromising HIPAA security and privacy regulations? According to the founders of iPlum, a fast-growing California-based health tech startup, the answer is yes.
All healthcare providers must comply with HIPAA - the federal law that governs the privacy and security of patient health information or PHI. HIPAA also covers any business associates or partners who work with PHI, including phone companies. Before using a third party for PHI-related work, healthcare providers must have a signed Business Associate Agreement (BAA). The partner must submit a risk assessment, train their employees on HIPAA compliance, and have security and privacy in place. Without a BAA contract in place, the healthcare provider is liable if any PHI is compromised. And the penalties for non-compliance with HIPAA can be huge. They can range from USD 500 to USD 1.5 Million annually. This includes the potential for jail time from one to five years, depending on the case.
HIPAA offers an exemption for companies that act as conduits and merely transfer PHI without storing the information. In the past, phone companies may have qualified under this act. But with today's digital phone services and connected cloud technology, does this still hold? If a patient or a healthcare provider leaves a voicemail about their health, PHI data may be stored. And how about text messaging or if a patient sends a photo of a rash or another health condition?
Until now, healthcare professionals have had limited options to return a patient's call or perform a quick follow-up with a patient after working hours. The 'block caller ID' feature on their phones is ineffective. Patients do not always pick up calls from unknown or restricted numbers. The FCC even warns consumers against answering calls from unknown numbers to combat robocalls and spam calls. And sending a quick text to a patient would expose the doctor's phone number.
There is also a real security threat with storing patient contact information and texts related to a patient's health. Most smartphones sync and store data on a cloud - without encryption. Additionally, in many households, information from phones is synced with a tablet or other devices. This means that even if a physician or nurse is careful, someone else in their home may accidentally view confidential patient information - a HIPAA violation. And if the phone gets hacked, damaged, or just lost, it may be impossible to prevent someone else from getting their hands on this information.
In an ideal world, physicians could pick up their phones and communicate with patients with the reassurance that they are HIPAA-compliant. All PHI would have end-to-end encryption and stored separately from non-patient data. The entire process would be incredibly convenient for both patient and physician. For example, patients should not have to, and may not consent to, downloading a specific HIPAA-compliant app to talk or chat with their healthcare provider. And this is what iPlum's HIPAA-compliant calling and texting service offers - compliance and convenience for healthcare providers, without the hefty price tag.
iPlum allows healthcare workers to keep their existing numbers and provides a separate business line to keep business and personal communication separate. Each iPlum number has its own BAA as an added level of security. Calls and text messages have end-to-end encryption and have no special charges for phone or carrier. The auto-attendant feature helps smaller clinics and physicians in a solo practice direct patient calls to specific extensions without the overhead of receptionists or a call center. The app is also password-protected, a HIPAA requirement. Data is deleted weekly, not stored locally, and only encrypted information is stored on servers. If a phone is lost or compromised, iPlum's HIPAA-compliant line can even de-register an account remotely - which prevents access to the secure data.
Due to the COVID-19 pandemic, iPlum had to rapidly ramp up their resources over the past two years to handle the sudden rise in demand for their HIPAA-compliant line from healthcare workers. Even after the pandemic ends, patients will continue to appreciate the ability to rely on audio calls with healthcare providers. Not all patients have smartphones or are familiar with online patient scheduling software. According to BroadbandNow, a data aggregator, 42 million Americans do not have the ability to purchase broadband internet. Often, it is convenient for patients to place an audio call and schedule or re-schedule appointments, enquire about services, test results, medication refills, or discuss their symptoms. Patients can also track and report vitals easily through a phone call or a quick text message. In particular, the elderly and those in rural areas without adequate broadband coverage will benefit most from answering calls on their regular phones without having to navigate video conferencing, additional software, or worry about missing out on vital communication about their health.
A 2019 study by Griffith, et al published in the American Journal of Managed Care states, "For many patients, picking up the telephone is the first step in their engagement with the healthcare system." Better communication with patients can help increase patient satisfaction scores or HCAHPS scores. 96% of over 600 IT leaders in healthcare surveyed stated that they saw HCAHPS scores increase with the use of smartphones, tablets, and mobile devices. The lack of proper and timely communication with patients has more adverse consequences than low patient satisfaction scores. Communication failures contribute to 50-80% of the most harmful patient events in a hospital.
Physicians and other healthcare workers will benefit from using their own phones with a separate secure HIPAA-compliant line with its own BAA. And patients dealing with health conditions and their symptoms will welcome not having to endure long wait times on phone calls, or the need to navigate new technology to ensure the privacy of their health information.
 Griffith, K. N., Li, D., Davies, M. L., Pizer, S. D., & Prentice, J. C. (2019). Call center performance affects patient perceptions of access and satisfaction. The American journal of managed care, 25(9), e282-e287.