MedCity Influencers, Health IT

The changing nature of healthcare compliance during Covid-19

There will come a time where HIPAA compliance relaxations related to Covid-19 will end and so it is important that health systems architect their SMS and mobile communication strategies for the long term.

The onset of Covid-19 has dramatically reshaped life as we know it. This is especially true in healthcare, where health systems and clinicians are treating unprecedented numbers of patients. The palpable stress caused by the uncertainty of a patient’s well-being coupled with daily media updates surrounding Covid-19’s devastating impact is accelerating the need for fast and reliable communication between caregivers and patients’ families.

Traditionally, meeting the public’s demand for faster and more instant forms of communication has proved a slow process in the healthcare industry. With today’s preference for text messaging and other app-based messaging services, patients are increasingly seeking instant communication when either themselves or a family member visits a doctor. In fact, a recent survey found 90% of respondents would like the ability to communicate via secure text messaging with a family member’s care team if their loved ones were ill.

Healthcare Compliance Then and Now
Established in 1996, the Healthcare Insurance Portability and Accountability Act (HIPAA) provides privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals or other healthcare providers. Public awareness of the law has increased in recent years due to highly publicized data breaches and ransomware attacks on healthcare insurers and providers.

Prior to the Covid-19 outbreak, healthcare providers could face costly HIPAA violations for clinician-patient text communication if text messages contained any protected health information (PHI) for which a patient had not given their consent. However, Covid-19’s unprecedented impact on the healthcare industry has led governmental agencies to ease penalties associated with telehealth use. According to a recent announcement by the Department of Health and Human Services’ Office for Civil Rights (OCR), the agency will not impose penalties for noncompliance against covered providers who use telehealth vendors that may not fully comply with HIPAA during Covid-19.

While this announcement is helping to alleviate clinicians’ communication compliance concerns, the OCR is still urging healthcare teams to use secure solutions that can protect PHI. It is important to understand that using third-party applications exposes patients and clinicians to serious security threats because some applications have not been properly vetted by regulatory agencies. Further, as hospitals work through a never-before-seen uptick in patient admissions, the opportunity for patient security and privacy threats is heightened and potential threats may not be flagged as quickly as they would be prior to the outbreak.

Covid-19 Clinician-Patient SMS Checklist
The implementation of secure cloud-based communication solutions can provide a great way for clinicians to utilize their personal devices to quickly provide patients and patients’ loved ones status updates without compromising patient privacy.

When searching for secure cloud-based solutions, it is paramount the solution provides a clear and easily understood way to collect HIPAA consent from patients before SMS communication begins. One way to achieve this clarity is by searching for solutions with “Opt-In/Opt-Out” features for patients. In practice, this feature offers an explicit HIPAA consent message that is initially sent to a patient before a dialogue begins and confirmation to “Opt-In” or “Opt-Out” of the conversation is requested. The confirmation message is auditable consent and can be used to demonstrate compliance and assurance that PHI has not be compromised.

Other features to consider when choosing a compliant SMS communication solution include a simple and easily navigable administration portal for IT teams to manage clinician communication, as well as the ability to seamlessly integrate with existing tools that are core to communication, data capture and compliance.

Eliminate Communication Band-Aids: Planning for the Long Term
Today, it may seem like the alternate reality created by the onset of Covid-19 has no end in sight. However, it is important to understand there is “a light at the end of the tunnel.” There will be a day, whether it’s weeks or months from now, where businesses reopen, police officers and park rangers lessen enforcement of 6-feet social distancing and the public feels more comfortable leaving their homes.

Similarly, in healthcare, there will come a time where HIPAA compliance relaxations related to Covid-19 will end. For this reason, it is important that health systems architect their SMS and mobile communication strategies for the long term.

When building a mobile communications strategy, it is critical health systems pay attention to the following components:

  • Patient data protection policies
  • Documentation and archiving requirements
  • Acceptable use policies
  • Patient responsiveness policies
  • Security controls on the device
  • Company rights for altering the device, such as remote wiping for lost and stolen devices


With some states extending ‘shelter-in-place’ ordinances to early June, Covid-19 continues to fuel anxiety, stress and uncertainty around what the future will hold. Any medical concerns, whether big or small, are exacerbated by the current tidal wave of fear related to the virus. If a loved one becomes sick during this time, it is critical that nurses, field staff and caregivers can quickly communicate with patients and their family members.

Compliance is, rightly so, one of the last things on a clinician’s mind when serving patients today. However, even as the OCR relaxes its compliance regulations, it is still very important to ensure PHI remains private. Leveraging secure, cloud-based communications solutions eliminate this stress for healthcare providers and allows them to focus on treating the growing number of patient admissions.

More importantly, leveraging secure communications solutions can provide family members with status updates around their loved ones’ wellbeing, as well as what clinicians are doing to help them beat their ailments and return home.



Sean Winter serves as Vice President of Global Client Success at Movius Corporation. Prior to Movius, he served as Head of Top Account Program of Cornerstone OnDemand and Vice President of Solutions Consulting at Jive Software.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.