Why do Gmail and Google Apps not meet HIPAA standards and what is the punishment for not being HIPAA compliant?
When the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was passed, it established regulations protecting the privacy and security of certain health information. The Privacy Rule set standards for the privacy of individually identifiable health care information. The Security Rule set the standards for the protection of electronic information. Since then, the HITECH Act of 2010 has implemented new provisions to the Security Rule, called the Omnibus Rule, to further strengthen security protections. Companies that send e-PHI, like referral.im, know these new rules and have taken the steps to follow them.
Gmail and Google Apps are NOT HIPAA compliant. Even forwarding an electronic HIPAA compliant message of electronic protected health information (e-PHI) to Gmail or Google Apps is almost always not compliant. Gmail and Google Apps are not compliant because HIPAA-required features are missing. Despite this, many doctors use Gmail or Google Apps when sending e-PHI. Referral.im is HIPAA compliant and also provides a better way to receive and track referrals. Below is a list of missing features that make Gmail and Google Apps non-HIPAA compliant.
• A signed Business Associate Agreement is required and Google does not sign contracts
• Gmail outbound servers are insecure and unencrypted, which is an automatic violation of HIPAA
• Google provides very limited auditing of connections and access to accounts
• Google rarely follows steps for HIPAA Secured Business Policies, which require:
  o Ensure secure tracking of stored data
  o Ensure secure disposal of hard drives and other media
  o Ensure secure access to facilities
  o Ensure employees with access to any data are trained in HIPAA standards
• Google says users “have no real expectation of privacy” and owns data in messages, which is used to provide ads and other information; this is not HIPAA compliant
• Deleted data is not guaranteed to be removed from servers
• There is no guarantee where your data goes after the account is closed
• There is no HIPAA penalty for Google if data is used or disclosed improperly
Punishment for not being HIPAA compliant can range from civil money penalties to criminal prosecution. The Omnibus Rules strengthen the government’s ability to enforce the law and have made the penalties for not being HIPAA compliant harsher. If covered entities do not meet the compliance requirements, civil penalties can range from $100 to $50,000 per violation, with a maximum fine of $1,500,000 in a calendar year. Factors that vary the civil penalties include whether the covered entity knew of its failure to comply and whether this was due to willful neglect. Criminal penalties are imposed if a person knowingly obtains or discloses e-PHI; this could result in a $50,000 fine and 1 year of imprisonment. If the wrongful conduct involves false pretenses, it could result in a $100,000 fine and 5 years of imprisonment. If the wrongful conduct involves intent to sell or transfer for commercial or personal gain or malicious harm, it could result in a $250,000 fine and 10 years of imprisonment.
With services like referral.im you know your e-PHI is HIPAA compliant. Referring a patient is something almost all doctors do. Many don’t know to follow the Omnibus Rules for e-PHI or know how severe the punishments can be. Use HIPAA compliant services like referral.im and let us make sure you are HIPAA compliant.
Thursday, November 7, 2013
Monday, June 17, 2013
Doctor to Doctor referrals; the most important factor
When referring to a specialist, what factors are most important to the Primary Care Physician (PCP)?
1) Quality: Of course, PCPs expect the work performed by a specialist to be performed at the highest quality.
However, no matter how experienced the specialist may be, occasionally procedures provided by the specialist will be unsuccessful. PCPs trust the specialist they are referring to and will accept the failed procedure better if there is communication from the specialist explaining what possibly went wrong. There is nothing worse than finding out about a failed treatment from the patient. Failure to communicate during these critical moments is frustrating to the patient and especially to the PCP. If you don't talk about it with the PCP, the patient's perspective will be the only opinion heard. This results in a lack of trust from the PCP.
2) Bedside Manner: Because specialists do not see each patient on an ongoing basis, there tends to be less effort in providing a great bedside manner. When a patient returns to their PCP and indicates that the specialist treated them poorly, the PCP is obviously less likely to refer. Often, a lack of competition (no other specialist in town) results in a lack of caring by the specialist. However, the specialist should not expect to be the only gig in town forever. If the specialist cares about the PCP and the referrals coming in, he/she should make sure to take time with the patients and treat them properly.
3) Communication: Quality of Care and Bedside Manner are very important to PCPs. However, Communication is the most important factor. This is illustrated by the statistic showing that the #1 reason for a PCP to stop referring to a specialist is because of lack of communication by the specialist.
Did the patient schedule an appointment? How did the appointment and procedure go? What follow-up care will the PCP need to provide? Was the patient promptly returned to the PCP?
Communication is difficult for the following reasons:
1) Doctors are busy. It is tough finding a time when both doctors happen to be able to talk on the phone.
2) Documents that help explain what happened and how to provide proper follow-up care cannot be shared over regular email (non-HIPAA compliant).
3) Faxed papers need to be re-scanned back into electronic form. (All medical offices need to be paperless by 2014.)
Referral.IM solves all of these problems. Communication among PCPs and specialists has never been easier and more effective.
Dr. Robert L. Barrick DDS
Wednesday, June 12, 2013
Study on the problems with the professional referring process
As you can see, between 63% and 82% of patients do not make their appointment with the specialist.
Referral.IM's own internal study has shown that as many as 40% of referrals do not follow through.
Ann Fam Med. 2007 July; 5(4): 361–367.
doi: 10.1370/afm.703
PMCID: PMC1934973
Introduction:
Specialty referrals are one of several management options available to primary care physicians. The effectiveness of specialty referrals as a management tool depends not only on the quality of physician decision making—when and for whom to obtain specialty care—but also on the likelihood that patients referred choose to complete the referral by attending one or more specialist visits.
Although much is published on the determinants of primary care physician referral decision making,1–3 much less is known about referral completion. Based on chart audits and physician survey, prior studies have found that 63% to 82% of patients referred from primary care settings ultimately attend a consultation with the type of specialist to whom they were referred.4–6
The consultation and referral process. A report from NEON. Northeastern Ohio Network Research Group.
Bourguet C, Gilchrist V, McCord G.
Source
Division of Community Health Sciences, Northeastern Ohio Universities College of Medicine, Rootstown 44272-0095, USA.
Sunday, June 9, 2013
Introduction