/ Health Care

Waitlist Apps and HIPAA

Hospitals and doctors' offices often ask us about whether our waitlist app is HIPAA (Health Insurance Portability and Accountability Act) compliant. Although we're not lawyers, and we always recommend reviewing your planned usage with your own attorney, there are ways to use our service without putting your organization or your patients at risk. First, some background.

What not to do

Do not put any protected health information (PHI) into any SMS. The Joint Commission forbids the use of SMS for the transmission of electronic protected health information under HIPAA regulations.

Here's why:

  • SMS text messages, which are sent and stored on mobile carrier servers in plain text, can be intercepted during transit.
  • It's possible for SMS messages to be sent to the wrong number.
  • Once an SMS message is sent, it is saved indefinitely on the recipient's phone with no way of recalling the text. SMS messages can remain in a phone for months or years. If a phone is lost, stolen, sold, or donated without erasing those SMS messages, it can become a security nightmare.

What you should do

One of the easiest ways to avoid PHI in SMS is to not put any PHI into our waitlist app at all.

  • Use an obfuscated patient identifier instead of the patient's name. Worst case, use a patient's first name only. (This is never included in an SMS; it is stored in the system only.)
  • Make your waitlist notification messages as generic as possible. If a hacker intercepts a text, or you've accidentally sent one to the wrong phone number, if the message says "We're ready for you. Please go to the front desk." it's a lot better than "We're ready for your psychiatric assessment at Regional Medical Center." A hacker may be able to figure out the name and phone number, but there is no health information in the former message, as opposed to the latter.

All of TablesReady's waitlist data is encrypted at rest and in transit, which makes it more difficult to hack. We do everything we can to protect your data, but it's always better if there is absolutely no PHI in the system.

It's worth it!

There a lot of benefits to using a digital waitlist app to let patients know when their provider is ready for them, including:

  • Unlimited range. Traditional pagers don't go through hospitals' cement walls, and patients want to have the flexibility to wait in the cafeteria or even use the restroom without worrying about missing their appointment.
  • Analytics. It's important to always increase your efficiency and minimize your wait times. TablesReady provides detailed wait time analysis to help you improve your operation.
  • Lower cost. Pager systems are expensive and replacing lost or broken ones really adds up. Or, losing track of patients who don't hear their name called means downtime for your providers and lost revenue. Keeping health care costs under control and improving care delivery is critical for all of us, and TablesReady's waitlist helps with that.
  • Safety. Pagers are gross, and keeping them sanitized is overly time consuming. Let your patients get notified on the device they're already carrying.

Just follow our guidelines for eliminating PHI and complying with HIPAA (and check with your lawyer!), and try it today!