At the Interop trade show last month, I chatted with a medical facility that used wireless LANs but had chosen not to deploy Vocera’s popular voice “badges” for conducting phone calls across the WLAN.
The primary reason? The company was unsure about compliance with the Health Insurance Portability Accountability Act (HIPAA).
Use of Vocera badges for voice communications has become common in many healthcare facilities, where highly mobile medical personnel are suddenly needed to handle emergencies. The badges, which operate like little mobile speakerphones that can be handily clipped to a garment or worn on a lanyard, help reduce wasted time caused by paging delays, phone tag and voicemail. Still, the IT administrator’s concern was understandable: private patient information might be overheard by anyone within earshot of the devices.
And it is conscientious to consider the voice aspect of privacy: overall compliance with HIPAA has dropped slightly, according to a survey conducted by the American Health Information Management Association (AHIMA). The percentage of healthcare privacy officers who believe their institution is more than 85% HIPAA-compliant dropped from 91% in 2005 to 85% in 2006, AHIMA reported last month.
However, the relationship between voice communication and compliance with HIPAA (and other security mandates) is a muddy area. HIPAA focuses on protecting patient health information electronically stored in databases. The Vocera system encrypts the voice transmissions, authenticates the identity of users with voice printing and doesn’t record or store conversations. What remains is the worry that stored electronic patient information could be made public when transmitted to a speakerphone clipped to a doctor’s shirt pocket.
So Vocera compliance with HIPAA really depends on successful user training and how well individual users protect patient information as they use the tool. For example, personnel should don headphones for privacy if receiving information where it can be overheard by unauthorized individuals.