Texting and E-mail in Medical Offices

Your To-Do List
•Find out what you are doing already with texting –ask and then verify!
•Discover what should be protected (and may not have been)
•Implement secure texting for the office using the free apps (Signal, Telegram, WickrMe)
•Get permission to contact cell phones for healthcare and payment purposes and follow-up communications
•Provide secure alternatives for patient communications and allow choosing a non-secure process if they prefer
•Look into other communication platforms to integrate texting, triage, and documentation
•Identify your issues and plan their mitigation

-Jim Sheldon-Dean

Triwest Health Net Registration

Dear Midwives and Birth Center Providers,

If you bill Triwest, which is now Triwest HN, please complete the attach forms and send to your biller for submission.  Claims will not be processed unless you are added to their system. Thank you

Midwives (complete regardless of license)

https://www.tricare-west.com/content/dam/hnfs/tw/prov/resources/pdf/nnw-applications/indvdl-app-midwife.pdf

Birth Center

https://www.tricare-west.com/content/dam/hnfs/tw/prov/resources/pdf/nnw-applications/instit-app-birth.pdf

Texting and E-mail in Medical Offices

Security and Incident Policy Help
•The SANS Security Policy Project
–A Short Primer For Developing Security Policies, samples, guidance
–Available at: http://www.sans.org/resources/policies/
•New York University HIPAA security policies
–A good level of detail; many of the concepts are directly transferable
–http://www.nyu.edu/about/policies-guidelines-compliance/policies-and-guidelines/hipaa-policies.html
•NIST Guide for CybersecurityEvent RecoverySP 800-184, an excellent overall guide that now incorporates incident handling and contingency planning:http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
•NIST Computer Security Incident Handling GuideSP 800-61 Revision 2, a practical guide to responding to incidents and establishing a computer security incident policy and process: http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf
•In addition, the September 2012 NIST ITL Bulletin focuses on the revised SP 800-61, available at: http://csrc.nist.gov/publications/nistbul/itlbul2012_09.pdf

Texting and E-mail in Medical Offices

Patient Communication Policies
•Define the usual, preferred, secure means of communication, and the preferred insecure alternatives
–Consider what you are “reasonably able” to do
•Require patient to request using insecure communication methods, and indicate preferred method to be used
•If an insecure method is requested, consider it according to §164.522(b)(2) and §164.524(c) and guidance
•If an insecure alternative method is granted:
–Explain the risks to the patient
–Obtain consent (with signature if appropriate)
–Inform those who communicate of the preference
•Document the request and consent or denial

-Jim Sheldon-Dean

Texting and E-mail in Medical Offices

Beware the TCPA
•Telephone Consumer Protection Act of 1991
•Be cautious, especially for any calls or texts relating to billing or financial matters
•Get consent up front to call the number provided for healthcare and financial purposes, including reminders and follow-up
•If you don’t get consent, watch out!
–Penalties for, without consent, calling a cell phone or leaving a payment related message (voice or text)
–Penalties for, without consent, calling a cell phone or leaving a healthcare related message more than one minute (voice) or 160 characters (text) long; no more than one per day or three per week

-Jim Sheldon-Dean