LCHM Summer 2018 - 9


the PHI data is at rest. Before texting a patient, confirm you have a signed
agreement in place showing the patient accepts the PHI in this format. It
sounds like a lot of work to lower your risk of PHI disclosure; the Patient
Portal is starting to look pretty good right now, doesn't it?

Since the inception of the Privacy Rule (HIPAA) in 2003, the OCR has
investigated and ruled on approximately 171,000 reported cases of PHI
disclosure (hhs.gov)³. These rulings resulted in civil monetary penalties
of $78 million paid by covered entities.

Contact lists on your smartphone? Kidding, right? Unfortunately, if
you are storing patient names and numbers in your contact list, you have
more than likely already had a PHI breach. Your phone carrier is collecting
data and either sharing it with your social media contacts or using it for
their own social media connections. If you want to keep patient names
and numbers on your smartphone, use an encrypted contact list app to
protect everyone involved.

Identify your areas of risk when using your smartphone in patient care,
know where your greater risk lies, and focus on mitigating that risk by
reviewing, enforcing, and auditing your compliance policies. Healthcare
compliance is not going away and the OCR is not going away; your risk of
a PHI disclosure is high if you choose to ignore it and do nothing. Your
smartphone can be an efficient and cost-effective way for you to manage
your patients' care; use it wisely. Protect your patient and protect yourself
by investing in encryption software and complying with your organization's
mobile device policy.

The camera on your smartphone is taking better pictures than the
Nikon you paid big dollars for. The camera on your smartphone is helpful
when you want to ask a colleague for his or her opinion about a patient's
dermatitis or x-ray; this is fine so long as the photo has no identifying patient
information. The trouble comes when the camera picks up PHI. There are
18 specific identifiers of PHI; you are familiar with the basics: name, date
of birth, social security number, and address. However, if that x-ray had
a patient medical record number (MRN) listed or a chart number, that
is PHI. The Privacy Rule requires you to protect any and all individually
identifiable health information; serial numbers of implantable
medical devices, past, current and future diagnoses, and health insurance and
policy numbers are all PHI. PHI includes items that most providers
would not consider PHI. The Privacy Rule includes physical recognition
as PHI. For example, your patient's face, scars, tattoos, or disfigurement are
all included under PHI and could be considered a PHI disclosure when
photographed and shared outside of the minimum necessary requirement
(hhs.gov)². Have you been the recipient of a text and/or pictures of patients
from a peer that was shared with you because the patient was of interest or
the situation was of interest (incredible body art [tattoo])? What was the
purpose of the shared text or photo? Were you asked to provide medical
advice or was it a curiosity? Physicians have a responsibility to protect
all of their patients; if you have a patient of celebrity status you may be
inclined to take a photo and share it. This would be considered a breach
if the individual you were sharing it with had no reason to have access to
that information; remember the minimum necessary rule.

How familiar are you with Business Associate Agreements (BAAs)?
These are the contracts we have with our business associates that have
access to our patients' PHI. We have BAAs with our EMR vendors,
our attorneys, our general business and medical malpractice insurance
companies, etc. We do not have a BAA with our cell phone providers;
this would be necessary for any physician using his/her smartphone to
store or transmit PHI. If your smartphone is automatically backing up
to or using cloud storage, you should turn off that feature if you choose to
use your smartphone in your medical practice. Cloud storage is literally
someone else's server where you have no control over storage or security
of your data. Our contracts and agreements with the carriers typically do
not include HIPAA compliance and it would be an exercise in futility to
attempt to obtain a BAA from the carrier.

REFERENCES
1. Reaction and Analysis: Office of Civil Rights takes a position on texting in healthcare. McClure, B. March 2018.
2. Minimum Necessary Requirements, https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/minimum-necessary-requirement/index.html
3. Enforcement Results as of March 31, 2018, https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/data/enforcement-highlights/index.html

SUMMER 2018 | Lehigh County Health & Medicine 9

