Every case management department should have a firm policy that prohibits staff from posting anything related to work, including photographs, on social media, advises Elizabeth Hogue, Esq., a healthcare attorney based in Washington, DC.
Also, when case managers send information to post-acute providers, fellow staff members, or patients via email or text, they should make sure the devices they are using are secure and the information is encrypted, she adds.
The same encryption requirements apply to teleconferencing or video chats with patients, adds Yomi Ajao, vice president for consulting at COPE Health Solutions.
“These kinds of communication all promote better patient engagement when they are used correctly in a secure type of way. Case managers should make sure they are using secure messaging any time they share patient information,” he says.
“When case managers want to engage with patients in different fashions, like email or texts, they need to do it in a way that patient information is protected, even though it may be easier to connect without using encrypted tools,” he adds.
Social media makes it easier to interact with the rest of the world, but, in doing so, case managers must protect patient information, Ajao says.
“At the end of the day, it is best that care managers keep any references to work or their patients out of social media,” he says.
Make sure any email or text messages that include patient information are encrypted, Hogue says. “According to HIPAA, it’s permissible to fax patient information or talk about it over the telephone, but it’s not OK to email or text it. With today’s technology, it’s prudent to behave as though someone is filming you all the time,” she adds.
Don’t forget that email and text messages are written correspondence. They are permanent and even if you delete them from your device, it is likely that they still can be recovered, Hogue points out.
In a memo issued in December, CMS announced that it is permissible for members of a healthcare team to send patient information via text message to other team members as long as they use a secure platform. However, CMS emphasized that texting of patient orders is prohibited regardless of the platform used. Instead, the memo stated, the preferred method is Computerized Provider Order Entry, although handwritten orders also are permitted.
“CMS acknowledges that texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication,” Hogue says.
However, she points out, in order to be in compliance with the Medicare Conditions of Participation, providers must use and maintain systems and platforms that are secure and encrypted and that minimize risks to patient privacy and confidentiality.
“Providers are expected to implement procedures/processes that routinely assess the security and integrity of texting systems in order to avoid negative outcomes that compromise patient care,” Hogue adds.