We are really excited to announce today that Lua has undergone an external HIPAA audit, and that we now comply with HIPAA security standard requirements! There is an urgent need for quick communication amongst healthcare workers, and we wanted to make sure that our clients have complete confidence in how we handle sensitive health information.
What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. The primary goal of the law is to protect the confidentiality and security of your health information: medical history, test results, insurance information, and all other sensitive data.
It has been clear to us for some time that healthcare organizations could really raise their effectiveness with enterprise-grade mobile messaging. Physicians and nurses are always dispersed and on the move, and often need to attend to critical issues wherever they are. Time is wasted tracking down colleagues to get urgent questions answered, and existing tools such as pagers, radios or email aren’t discreet or conducive to critical communication. It’s not surprising that physicians have turned to texting, often without the approval of IT. And when they turn to texting, it might be using non-compliant means such as personal SMS or consumer messaging apps such as WhatsApp or Facebook Messenger.
This comes at a huge risk: there are major penalties for violating HIPAA Law and requirements. A single violation for an unsecured communication can result in a fine of $50,000, and repeated violations can lead to millions in fines in a single year. These are fines that neither the individual staff member nor the organization can afford.
Lua not only complies with HIPAA, we also sign Business Associate Agreements. This is an important legal document that all HIPAA compliant organizations must obtain from a vendor that receives, maintains or transmits Protected Health Information (PHI) on their behalf. To request a BAA from Lua, just email us at email@example.com!
So how can mobile messaging help you improve your healthcare organization? For one, things get done faster when decisions can be made on the move: staff and patient waiting time gets significantly reduced. Important decisions do not get delayed: conversations can happen from anywhere. And Lua’s accountability features mean that you can rest easy knowing critical messages are being addressed.
What is a HIPAA Business Associate (BA)?
A HIPAA Business Associate (BA) refers to a person or organization that conducts business with the HIPAA Covered Entity (CE) and touches the Protected Health Information (PHI) that the covered entity is stewarding on behalf of the patient.
Business Associates (BAs) include those vendors that do business with a HIPAA Covered Entity (CE). Under the HIPAA Omnibus Final Rule any service that that receives, maintains or transmits PHI on behalf of a Covered Entity is considered Business Associate even if the associate does not actually view the protected health information.
What are the penalties to my organization if employees are caught texting PHI via apps that are not HIPAA compliant?
The penalties for non-compliant texting of PHI are steep. A single violation for an unsecured communication can result in a fine of $50,000 and repeated violations can lead to millions of dollars in fines in a single year.
Do services like SMS, WhatsApp, Facebook Messenger and Skype meet HIPAA requirements?
No. Generally, consumer messaging apps do not meet HIPAA security standard requirements and are not safe to use when communicating PHI.
Visit our website to read more more helpful HIPAA FAQs.