Eagle Consulting Partners was pleased to participate in the OACB Annual Conference in Columbus, which included a focus on improving the customer experience. Over our 18 years of working with over 70 of the Ohio County Boards in the area of HIPAA compliance, we are the first to point out that HIPAA compliance is implicated in multiple customer experience pain points. During Governor DeWine’s opening keynote, we began immediately visualizing for improvement. These three opportunities include the use of HIPAA-compliant texting, secure email that people don’t hate, and electronic signature capture.
HIPAA-Compliant Texting
HIPAA prohibits transmitting unencrypted Protected Health Information (PHI) over an open communications network. Consequently, sending PHI via standard text message is not compliant with HIPAA. Further challenges include complying with Ohio’s open records laws, which require retention of these text messages – which would be created on a service coordinator’s cell phone – since they comprise official public records.
The challenge with this prohibition is that in 2019, people, especially younger people, use texting as a primary mode of communication. Service coordinators are hamstrung if they are prohibited from texting with individuals served, their parents, and guardians. It creates a bad customer experience.
The good news is that, while standard text messages are not compliant, there are multiple applications and tools – free to expensive – that can be used while maintaining HIPAA compliance. The best customer experience, and the highest level of productivity, will come from one of the paid solutions. Vendors in this space include TigerConnect, Zinc, QliqSoft, Notifyd, and Spok, among others.
The highest staff productivity will be achieved by creating an interface with the agency’s record software – Gatekeeper, Brittco, and/or imagineIS.
The ultimate solution will greatly enhance the customer experience and at the same time improve the service coordinator’s productivity.
Secure Email that is Convenient
For the same reason that standard text messaging using PHI is prohibited by HIPAA, standard email with PHI is also prohibited. The solution is secure, encrypted email, which most County Boards have adopted as of this time. The dominant design for encrypted email requires the recipient to create an account with the secure email provider, sign into that account, and read the message from their website. Most recipients dislike or hate the experience. Less technically-sophisticated users can be extremely challenged and unable to access the email at all.
In our post from 2018, Email Encryption Considerations for DD Boards, we discussed multiple email vendors, their user experience, and highlighted our favorite encrypted email service (Citrix Sharefile), which balances a good customer experience with compliance and an appropriate level of security. There are other vendors who offer a good experience for the recipient. To improve the customer experience, Boards should take another look at their email solution and consider a change if necessary.
Electronic Signature
During a recent engagement, we had the opportunity to personally meet with about 25 service coordinators and discuss a range of HIPAA-related issues. Obtaining signatures from individuals served and/or their parents/guardians is a common challenge. We have seen at least 1 electronic signature platform in use at County Boards that was well-received by service coordinators and individuals served – improving the productivity of both. Service coordinators report up to half a day per month of unproductive time chasing signatures on paper-based documents. This unproductive time can serve as cost-justification for new systems.
Due diligence with any e-signature platform is essential, to ensure compliance with applicable law. This of course includes HIPAA, and also the following:
- ORC § 1306 Ohio Uniform Electronic Transactions Act
- ORC § 304 Electronic Records and Signatures for Counties
- ORC § 117.111 State audits regarding electronic signatures
Conclusion
In summary, agencies have the opportunity to evolve their electronic capabilities in a way that both maintains HIPAA compliance AND improves the customer experience. While this may require a significant investment, there are staff productivity benefits that can justify the expense.
