Best Practices for Communication with Patients or Research Subjects
Dear Colleagues,
All communication with patients and research subjects poses some risk to the privacy of those individuals. In simple cases a conversation or message may be overheard, but in other cases our choice of communication method may increase the risk that a message will be intercepted: For example, voice and text messages sent to your phone are generally not encrypted.
So, what should I do?
You should use the BU SecureMail email service (free to use) unless the patient or research subject has agreed – ideally in writing – to use non-secure communications via email or text.
If your patients or research subjects are leaving you voicemail messages, it is a best practice to include language in your voicemail message discouraging them from including sensitive information. Likewise, when you are leaving voicemail messages, remember to avoid disclosing any sensitive information.
What about BU Teams and Zoom?
When using BU Teams on your computer or phone, calls, video meetings, and chat communications are automatically encrypted. And, like most BU Office365 apps (SharePoint, OneDrive, PowerBI), it is HIPAA compliant and meetings can be setup with patients or subjects.
Likewise, Zoom meetings are generally secure but you need to know that there are two types of Zoom accounts: Zoom and “Zoom Meetings for HIPAA.” Zoom Meetings for HIPAA is compliant but disables your ability to record a conversation as the recordings cannot be securely stored. If you need to record a conversation and it does not contain HIPAA information you can switch between Zoom and Zoom Meetings for HIPAA.
Go here to switch your account from regular Zoom to Zoom Meetings for HIPAA: https://www.bu.edu/
Using best practices when communicating and leveraging the tools at your disposal will help keep your patient’s or research subject’s privacy intact and protected.
If you have any questions or concerns, please contact me or Information Security at buinfosec@bu.edu.
Sincerely,
David Corbett
BUMC Information Security Officer and HIPAA Security Officer