7 Emerging Technology Risks
The Risk List is presented by:
Do You Know if Your Electronic Communications are HIPAA Secure?
As ubiquitous as text messaging is, many wonder why doctors can’t freely text with their patients. But regulators are clear on this. Text messaging is too vulnerable to information theft to be used unguarded in provider-patient communication.
The responsibility to secure medical information is clearly outlined and enforced by the Health Insurance Portability and Accountability Act or HIPAA.
In order to manage the risk of new forms of electronic communication, there are specific rules for health care professionals to follow when using text messaging and email as provided by the Centers for Medicare and Medicaid Services Office for Civil Rights (ORC).
Below are best practices regarding electronic messaging of patient information.
What’s the importance of security and encryption in relation to text messaging in health care?
The Joint Commission states that in addition to its violations of HIPAA, unencrypted text messaging provides no way to verify the identity of the person sending the message or to retain the information sent and validate it as part of the medical record.
What is unencrypted text messaging?
Traditional Short Messaging Service (SMS) messaging is transmitted over non-secure and noncompliant networks. The majority of traditional SMS messages are delivered as mobile phone to mobile phone messages; however SMS messages are also delivered via other electronic technologies, which also fall under HIPAA governance:
• Email to mobile phone number
• Mobile number to an email address
• Phone number to alphanumeric pager
• Email to alphanumeric pager
So how do medical professionals text or email information to and from colleagues and patients in a secured encrypted network?
HIPAA requires that a covered entity be in accordance with §164.306 and implement a mechanism to encrypt and decrypt electronic protected health information. (45 CFR § 164.312(a) (2) (iv)). It is also required to implement the Advanced Encryption Standard (AES) encryption protocol system with either 128-bit or 256-bit encryption.
Your company or office IT and telecommunications department needs to ensure compliance with the above encryption standards.
What are the benefits of these encrypted / secured services?
Once the physician or medical office has implemented an encrypted mechanism, the sending and receiving of instant information, patient health issues, reports, and referrals as well as communicating with peers, will all be transmitted in secure, protected environments.
Are there any limits when using SMS?
Yes, there is a strict limit of 160 on the number of characters allowed to be sent. Only the first 160 characters will be sent from an email message to a mobile phone and from a mobile phone to an email user. To avoid misunderstandings, it is recommended that caregivers use approved abbreviations when communicating peer-to-peer.
Does your IT department need to make changes to your smart phones or devices?
Yes, your IT team must enable remote access capabilities on your smart phone, so that you can erase (scrub) all the data from it if it is lost or stolen; and you must keep a record of this loss or theft of your smart phone for auditing purposes.
A Modern Claims Philosophy: Proactive and Integrated
According to some experts, “The best claim is the one that never happens.”
But is that even remotely realistic?
Experienced risk professionals know that in the real world, claims and losses are inevitable. After all, it’s called Risk Management, not Risk Avoidance.
And while no one likes losses, there are rich lessons to be gleaned from the claims management process. Through careful tracking and analysis of losses, risk professionals spot gaps in their risk control programs and identify new or emerging risks.
Aspen Insurance embraces this philosophy by viewing the data and expertise of their claims operation as a valuable asset. Unlike more traditional carriers, Aspen Insurance integrates their claims professionals into all of their client work – from the initial risk assessment and underwriting process through ongoing risk management consulting and loss control.
This proactive and integrated approach results in meaningful reductions to the frequency and severity of client losses. But when the inevitable does happen, Aspen Insurance claims professionals utilize their established understanding of client risks and operations to produce some truly amazing solutions.
“I worked at several of the most well known and respected insurance companies in my many years as a claims executive. But few of them utilize an approach that is as innovative as Aspen Insurance,” said Stephen Perrella, senior vice president, casualty claims, at Aspen Insurance.
“We do a lot of trending and data analysis to provide as much information as possible to our clients. Our analytics can help clients improve upon their own risk management procedures.”
– Stephen Perrella, Senior Vice President, Casualty Claims, Aspen Insurance
Utilizing claims expertise to improve underwriting
Acting as adviser and advocate, Aspen integrates the entire process under a coverage coordinator who ensures that the underwriters, claims and insureds agree on consistent, clear definitions and protocols. With claims professionals involved in the initial account review and the development of form language, Aspen’s underwriters have a full sense of risks so they can provide more specific and meaningful coverage, and identify risks and exclusions that the underwriter might not consider during a routine underwriting process.
“Most insurers don’t ever want to talk about claims and underwriting in the same sentence,” said Perrella. “That archaic view can potentially hurt the insurance company as well as their business partners.”
Aspen Insurance considered a company working on a large bridge refurbishment project on the West Coast as a potential insured, posing the array of generally anticipated construction-related risks. During underwriting, its claims managers discovered there was a large oil storage facility underneath the bridge. If a worker didn’t properly tether his or her tools, or a piece of steel fell onto a tank and fractured it, the consequences would be severe. Shutting down a widely used waterway channel for an oil cleanup would be devastating. The business interruption claims alone would be astronomical.
“We narrowed the opportunity for possible claims that the underwriter was unaware existed at the outset,” said Perrella.
Risk management improved
Claims professionals help Aspen Insurance’s clients with their risk management programs. When data analysis reveals high numbers of claims in a particular area, Aspen readily shares that information with the client. The Aspen team then works with the client to determine if there are better ways to handle certain processes.
“We do a lot of trending and data analysis to provide as much information as possible to our clients,” said Perrella. “Our analytics can help clients improve upon their own risk management procedures.”
For a large restaurant-and-entertainment group with locations in New York and Las Vegas, Aspen’s consultative approach has been critical. After meeting with risk managers and using analytics to study trends in the client’s portfolio, Aspen learned that the sheer size and volume of customers at each location led to disparate profiles of patron injuries.
Specifically, the organization had a high number of glass-related incidents across its multiple venues. So Aspen’s claims and underwriting professionals helped the organization implement new reporting protocols and risk-prevention strategies that led to a significant drop in glass-related claims over the following two years. Where one location would experience a disproportionate level of security assault or slip & fall claims, the possible genesis for those claims was discussed with the insured and corrective steps explored in response. Aspen’s proactive management of the account and working relationship with its principals led the organization to make changes that not only lowered the company’s exposures, but also kept patrons safer.
World-class claims management
Despite expert planning and careful prevention, losses and claims are inevitable. With Aspen’s claims department involved from the earliest stages of risk assessment, the department has developed world-class claims-processing capability.
“When a claim does arrive, everyone knows exactly how to operate,” said Perrella. “By understanding the perspectives of both the underwriters and the actuaries, our claims folks have grown to be better business people.
“We have dramatically reduced the potential for any problematic communication breakdown between our claims team, broker and the client,” said Perrella.
A fire ripped through an office building rendering it unusable by its seven tenants. An investigation revealed that an employee of the client intentionally set the fire. The client had not purchased business interruption insurance, and instead only had coverage for the physical damage to the building.
The Aspen claims team researched a way to assist the client in filing a third-party claim through secondary insurance that covered the business interruption portion of the loss. The attention, knowledge and creativity of the claims team saved the client from possible insurmountable losses.
Modernize your carrier relationship
Aspen Insurance’s claims philosophy is a great example of how this carrier’s innovative perspective is redefining the underwriter-client relationship. Learn more about how Aspen Insurance can benefit your risk management program at http://www.aspen.co/insurance/.
Stephen Perrella, Senior Vice President, Casualty, can be reached at Stephen.email@example.com.