Every healthcare provider (and now vendor too) is required to address and comply with the final HIPAA ruling. The age of mobility – where clinicians are increasingly turning to smart devices to communicate with one another – is only adding to the challenge. However, when hospitals and health systems look to the market for solutions that will help them address this issue, they’re often met with an even greater hurdle: deciding whether to prioritize patient privacy over patient safety. Let’s take a look at both approaches:
- Prioritizing patient privacy – Many vendors are pushing the secure texting agenda using scare tactics, and it’s no surprise that some hospitals and health systems are falling into the trap. But think about it this way: if a physician who is on vacation is sent a secure message which requires urgent attention, how useful is the security aspect if the patient cannot get the care they need immediately? Minutes, if not hours, could pass before someone realizes that the message was sent to the wrong person, determines who the right physician is and finds the information they need to take action. This delay can have a negative impact on patient safety.
- Prioritizing patient safety – On the other hand, some providers aren’t taking HIPPA seriously enough, but are operating “business as usual.” This approach has its own risks, as failing to secure your clinical communications can mean breaches in patient privacy, followed by hefty fines from CMS. The cost of critical patient information being compromised is too high to ignore, but doing so at the cost of patient safety can be an even bigger risk.
The challenge for any organization is to find the balance between privacy and safety. Every organization has its unique set of risks and outlooks; there is no “one-size-fits-all” solution. How heavily you weigh one approach over the other should be determined based on your organization’s needs after completing a comprehensive risk assessment across all forms of communications. Only then can an organization develop an appropriate risk management strategy that addresses vulnerabilities and implements policies and procedures to prioritize one approach over another.
The bottom line is: we have to improve, not just secure, clinical communications processes to successfully balance patient privacy and patient safety.