Podcast

Episode 460

Mar 17, 2023

HIPAA compliance can feel confusing. Allissa and Michael discuss how to make sure your cell phone is HIPAA compliant for business purposes.

E460: Is My Cell Phone HIPAA Compliant?

Weekly Roundup

Discussion Topic

Quick Tips

  • Use your device's browser history more, for searching things, etc.

Sponsors


Transcript: 

Sponsor message:

This episode is sponsored by the Original jojoba Company. I believe that massage therapists should only be using the highest quality products because our clients deserve it and we deserve it. I have been using jojoba for years for realsies. Here's why. Doesn't go rancid, doesn't contain triglycerides like a lot of other products do, so it's not going to go bad. Also makes it a really good carrier for your essential oils, because you're not going to have to trash the bottle after six months when your carrier oil gets nasty because it ain't going to get nasty. Jojoba is non-comedogenic. It's not going to clog pores, and it's not going to stain your a hundred percent cotton sheets, which is a huge deal and a big money saver, because you're not going to have to replace your sheets every six months or year. You, my friends, can receive 20% off the price of the product when you shop through our link, massagebusinessblueprint.com/jojoba.

Michael Reynolds:

Hey everyone, welcome to the Massage Business Blueprint podcast, where we help you attract more clients, make more money, and improve your quality of life. I'm Michael Reynolds.

Allissa Haines:

I'm Allissa Haines.

Michael Reynolds:

We're your hosts. Welcome to our show. We are glad you are here, and good morning to Andrew joining us on Facebook today on the live broadcast. Good morning, Andrew.

Allissa Haines:

Our loyal listener who gets up at the crack of dawn in Colorado, I think.

Michael Reynolds:

Wow.

Allissa Haines:

And listens to us on Wednesday mornings. I know, right? That's even more impressive.

Michael Reynolds:

Appreciate that. Right on. Thanks, Andrew. All right. You read anything interesting today?

Allissa Haines:

Not really. My brain's been a little fried. I've been doing far too much scrolling in front of screens and, tell me what you're reading.

Michael Reynolds:

Yeah, so I'm listening to a podcast episode from The Daily, which is a New York Times podcast, on the implosion of Silicon Valley Bank. I think a lot of us have been hearing about this, so it's the talk, the chatter in the social media these days. So Silicon Valley Bank is a bank in California, and it basically melted down over the weekend, and there's been some new developments. So basically I was kind of reading about what happened, and I think a lot of people are just concerned about banks right now and the banking system and, oh my goodness, how does this affect my finances and our economy in general? And so I've just been studying it a lot.

And the gist of it is, for those who maybe aren't familiar, is Silicon Valley Bank is what's considered a regional bank, not a huge, massive bank, but not a tiny community bank, a regional kind of mid-range bank. And there was a run on the bank and they ran out of money to put it bluntly. And this happened, I'll try to keep it as jargon-free as possible, it happened because this particular bank was home to a lot of tech companies and startups who had their money there. So this bank was very widely utilized by the tech community, and in our rising interest rate environment, a lot of these tech companies a lot of their funding sources dried up, the lending tightened up, and so they had to pull out many of their cash reserves in order to keep their operations running.

So as this happened, Silicon Valley Bank had to cover that cash, and so they had to sell off a bunch of their investments that ended up being sold at a loss, and the big mistake a lot of people are claiming they made was instead of just gradually selling off investments to cover the cash, they made the decision to make this massive fire sale and just sell off everything at once at a loss. And the tech community saw that and said, "Oh my goodness, Silicon Valley Bank must be in trouble because they had to scramble with this last resort massive sale to stay afloat." And in the tech community, everyone's very connected. Social media is just 24/7 chatter. And basically this turned into a panic across all of these customers, and they all just told each other, "Hey, pull your money out now because it's going under." And so everyone pulled their money out, which became a self-fulfilling prophecy and a run on the bank caused it to run out of money.

So that's what happened, the nutshell version. And then over the weekend, the FDIC made a decision to not only insure the deposits up to 250,000, which is the default FDIC limit, but to back everything. So basically the good news for those affected is that the government decided to honor cash deposits for a hundred percent of those customers of Silicon Valley Bank. So a pretty major event.

But a couple things that make it a bit unique is, again, this bank's clientele was specifically tech companies, high concentration of this type of customer, a little bit unique to that bank as opposed to others. And again, the government stepped in to back all the deposits. So lots of opinions about that, but that's basically what happened, and that's what I've been reading about. So that was longer than I meant to be, but I thought I'd explain what happened.

Allissa Haines:

No, that's all right. I have two things to add to this. One, my only knowledge of run on the bank things is from watching Mary Poppins when that happened. Do you remember when that happened? And then the feed the birds ladies. So that's what I always think of when I think of that.

And the second thing is, I was reading about this and I was specifically reading a Twitter thread from a woman who owns a startup in Ohio, and her company used Silicon Valley Bank, and it's a small startup that's doing some kind of medical related software app thing, and it was really interesting because the chatter has been like, "We're bailing out these startups that were financed way beyond what they could manage. And this bank was doing all these shady things." And there's been a real backlash among progressives about bailing out this particular bank, when in reality wasn't... It's not all massive income, startup, Silicon Valley. There are companies all over the country that are small businesses just like us, that used venture capital, that used this bank and this woman's like, "I'm the mom of twins and, another guy started this when my twins were three, and I had a newborn as well. And we did this and we employ this many people, and this is what we do, and we are not." So she's like, "A couple of my employees have farms too. We're not the rich people hanging out drinking our $12 smoothies. That's not what's happening here."

And there's a couple other companies, I believe there's a clothing company, Universal Standard, I heard that they sent out an email because all of their money was locked up over the weekend too. And that's a clothing company that actually specializes in having sizes from size zero to 6XL or whatever. They are really focused on having every item of clothing for every size and shape woman. It's a really progressive and wonderful company that I buy clothes from, thank you very much. And so it's not just these dudes in black mock turtleneck, cashmere sweaters that are getting back money they should not have risked anyway. That's not entirely the story of what's happening here. And I think, yeah, it was interesting to me. I think it's important when the full story gets told, so that's my addition.

Michael Reynolds:

Yeah, when you see headlines like this it's easy to have righteous indignation about, "Oh, well have an opinion about this and they're wrong." But when you go deeper into the nuance, it's a very complex situation and lots of nuance there, so I'm glad you added that.

Allissa Haines:

All right. Marcy's here. Let's talk about Marcy [inaudible 00:07:43].

Michael Reynolds:

All right. Marcy first, a good morning from Marcy and Canelo her pup. Thank you, Marcy. And Marcy also mentioned that her credit union emailed a calm down letter this morning, so it was nice to read how the credit union was protecting their members. Yes. Great to hear that. I'm seeing a lot of that as well. And Marcy also shared, "The majority of my wardrobe is Universal Standard, had no idea they were caught up in the bank issue."

Allissa Haines:

Yeah, I didn't see the email myself. I heard about it on Twitter, so I take it all with a grain of salt, but there's that. Crap, there's something else I thought of that I just wanted to say and now... Oh, so the moral of the story, Michael, the moral of this bank collapsed story is we should know... The institution where we put our big savings accounts, we should know how much money is covered by FDIC insurance, and if the amount of money that we are saving in that bank is more than that, we should put some in another bank.

Michael Reynolds:

Correct.

Allissa Haines:

Is that correct?

Michael Reynolds:

That is correct.

Allissa Haines:

This is a weird thing I learned when I was a kid because it was a credit union or something that my grandparents had money at that collapsed, and my grandfather had done this, he had moved... Because at that point they were retired, so they had half a million dollars in the bank or whatever. And I think the banks are typically what, 250? $250,000?

Michael Reynolds:

250,000.

Allissa Haines:

So not a thing that most of us need to worry about at this stage of our lives, but at some point, if you're cashing out retirement or whatever and you have a huge chunk of change, spread it out if you need to.

Michael Reynolds:

Yeah, agreed.

Allissa Haines:

Yeah. Okay. What's next, Michael?

Michael Reynolds:

What is next? Our sponsor Jane is next.

Allissa Haines:

Yay. And I love that Jane is our sponsor, and I love that Marcy is listening because Marcy is a user of Jane and has been saying for years how great they are. Jane is a complete practice management software that makes it easy for you to book chart and get paid all online my friends. While Jane is an all-in-one software that's fun to use, they also focus their attention on challenges that come up for practitioners in day-to-day practice. I love that they are paying attention to the little guys.

One of the challenges is the prevalence of no-shows and late cancellations. With the help of Jane's features, you will be able to significantly reduce no-shows and late cancellations, but also avoid a loss in revenue when they do happen. Some of these features include online booking payment policy, a cancellation policy, unlimited SMS and email reminders, and I love this, wait list management features. You can learn more at jane.app.

Michael Reynolds:

Thanks, Jane. All right, so today is my cell phone HIPAA compliant? We have a listener email that prompted this topic today.

Allissa Haines:

We do have a listener email, and I probably should have opened that email before we start. I have it here in my-

Michael Reynolds:

Ah, details.

Allissa Haines:

... I have it right here in my-

Michael Reynolds:

It's only episode of 460. We'll figure this out eventually.

Allissa Haines:

Yeah, right. Okay. Sorry. I do have it right here. Sorry. Okay, so we got a great listener email. It says, "I have a question or topic for the podcast. I would love to hear your thoughts on added security to your business and meaning HIPAA compliance in the modern era. With the ease of technology it's easy to become complacent or merely just lack of knowledge when it comes to this matter. Any recommendations for better security and ensuring privacy when collecting client information, including insurance information, using online sources such as email. I was using my Weebly website to collect data until recently when I switched over to using my MassageBook account, which is compliant. But I was wondering about secure voicemail or phone lines. I still use my cell phone. Thanks so much. Your podcast has been invaluable."

Yay. Okay, so that is what kind of initiated this particular topic. So we're going to focus on the cell phone bit, and then when we get to the end, I'm going to make... I realized I didn't make a note to do this one, I'm going to make a note now, to talk about that form thing. Okay. So, yeah, I always get emails when I say this, but I'm going to say it anyway, whether or not massage therapists need to be HIPAA compliant is often a gray area, and it might depend on the state and the regulations in the state in which you practice.

Now, there are a couple of states where massage therapists are licensed as healthcare practitioners. They can bill insurance, they have all the same standards and ethical codes and all this, that and the other thing, right? So it is not a gray area in those places. It's very clear that massage therapists are seen as healthcare providers and therefore fall under the HIPAA regulations. I've read a bunch of sources and some people say that we are, and some people say that we aren't, and most resources that I have found credible say things like, "If you are working in an environment with other healthcare practitioners that are absolutely covered, or if you are working with a clientele where you are communicating with their other healthcare practitioners, you should probably make sure that your processes are HIPAA compliant." So that's that.

But I think that these standards are something we should all aspire to regardless. I think that as a profession, we will be taken more seriously if the bulk of us, especially independent practitioners, are utilizing best practices and client confidentiality, HIPAA or otherwise. That is what I think.

So I'm going to just pound through this little list of things you can do to make sure you are HIPAA compliant, or as close to as possible. And Michael's got some great resources for us too, so I'm just going to start pounding through my list. Okay. First of all, make sure that your phone has a passcode, and this goes double for your computer, but we're talking about phones, Jane. Make sure there is a passcode that you need to enter every time you open it. That's it. That's that.

And nobody else should know your passcode. So there's that. And make sure that you have remote wipe enabled. Michael added this, thank goodness. Most cell phones, you have the ability to add an app or something that will let you track it if you lose it, and most of these will also allow you to have remote wipe. Which means that if you can track your phone, you can wipe it clean. So even if someone is able to break through the passcode, there ain't going to be nothing there. It's going to essentially restore it to factory settings.

Okay. Number two, it's pretty easy, don't have conversations where other people can hear you. So if you're in Target and a client is calling you back to talk about their headaches, you really don't want to be having those conversations in the Target aisle. So maybe don't answer your phone when you are in places where there will not be privacy, or move yourself to privacy quickly. Is just the act of scheduling an appointment, is that fine? Maybe as long as you're not saying the person's name out loud. So just be thoughtful about who can hear you when you are on the phone with a client or a healthcare practitioner you're speaking to about a client.

So be mindful of your location and who can hear you when you're having conversations. And this goes for cell phone and also if you're doing video chats or whatever, via your computer. Maybe don't do that in Panera. Don't use email to send personal health information or protected health information. Email is not secure, unless it's happening within a compliant app.

Now, there are scheduling apps that include the ability to email and call people through the app, and many of those are compliant, so that's fine. But like your regular email, your Gmail off your iPhone, not encrypted, not secure. So you can use one of those compliant apps, or you can consider a secure email like Michael has put these resources down sendinc.com or Encyro-

Michael Reynolds:

Encyro.com.

Allissa Haines:

I'm guessing it's trying to be encrypty. I don't know. We'll have this in the podcast notes. Tell me about those. Do you know anything about those?

Michael Reynolds:

Yeah, I use them both. They both have free versions, which are likely to be sufficient for any independent massage therapist. They basically let you send secure messages and documents securely over encrypted email to whoever you want to send it to. The person receiving it doesn't have to make an account or anything. It's pretty easy. So I like both of them. Sendinc.com, S-E-N-D-I-N-C.com, or encyro.com, which is E-N-C-Y-R-O.com. I use encyro.com more heavily. I think it's got a great interface.

Allissa Haines:

Cool. And so is it like something you just connect your Gmail into and it goes through Encyro and encrypts everything?

Michael Reynolds:

No, it's a web app. So you basically go on the web and you can put in the email address you want to send to, and then put in the message or upload the document and then hit send. And the person receiving it will get an email saying, "Hey, click here to basically unwrap your secure message." And they can then view it and download what you send them.

Allissa Haines:

Oh, okay. All right. I get it. Cool. Require logins for any work related apps for every use. So let me give an example of this, I have an iPhone and I have to use my passcode just to open the phone every single time. Annoying, but it works. I have the Acuity app on my iPhone. I have it set so that it logs me out after every single use. Super annoying, but I do have the passcode saved in my password system, which is integrated, there's an app on my iPhone that integrates it, so I actually just have to do my thumbprint twice to open the app and it's still secure.

But Michael, does that count as secure, if I'm using my thumbprint via the password program?

Michael Reynolds:

Yes.

Allissa Haines:

Okay.

Michael Reynolds:

I believe so. I would call that even more secure actually.

Allissa Haines:

Thank goodness. So I could type in the password, but I can just, because I have it all integrated, so I can do that. So if you are using an app like that on your phone that has patient information, you need to set it so you have to log in every time. Hassle, but still important. Use an encryption app. And I had a question mark, because I wanted Michael to expand on this a little bit. There are apps that let you make encrypted calls, but there is a return on hassle trade off. Michael, talk about these.

Michael Reynolds:

Yeah, so I was looking at this through the return on hassle, which is like, yeah, what's the benefit versus the hassle you have to go through to achieve the benefit? So it's always something to think about. There's more than one provider that does offer encrypted phone and texting. Zoom is one of them. I personally use Zoom in another business for a phone, and it does have encryption available for phone calls and text messages. So that might be something to look into.

And I also found that Google Voice, the paid version of Google Voice is considered HIPAA compliant, so Google Voice might be something to look at. And there are other apps as well. When you do searching on this stuff, the app Signal seems to come up a lot, but the problem with that is the other person has to be using Signal. So a lot of these apps, the other person has to be using the same app as you do, which that's kind of where return on hassle plays a part, you don't want to ask your clients to download an app just to call them. So, think through it, but there are some options there.

Allissa Haines:

What about text messages, Michael?

Michael Reynolds:

Yeah, generally same thing. These apps that I just mentioned before, they do have text encrypting as well, so that might be worth looking at. I don't know that a lot of us are going to be sending private health information over a text message anyway, but it's also worth noting that if you're sending from iPhone to iPhone, it is automatically encrypted. Apple encrypts that traffic automatically. I don't know the latest information on Android or iPhone to Android. I'm guessing the encryption has gotten better, but I don't know for sure how well it is encrypted. But I do know the iPhone to iPhone is encrypted. But again, I wouldn't recommend sending private health information over text anyway.

Allissa Haines:

And the date and time of an appointment and a reminder, I don't believe that's considered protected health information at this stage, at this level. So I think that we're good.

Michael Reynolds:

Yeah.

Allissa Haines:

Okay. So the final bit is what I mentioned at the beginning that I wanted to come back to, because this listener mentioned using a form to collect client information, and they were correct in noting that using their Weebly website to collect data, if it was a Weebly form embedded into Weebly, probably not secure. You can use, again, a scheduling app that has all of this included with the HIPAA compliance. You can also use Google, the lowest level of Google Workspace, which is email and Google Docs and all of that stuff, it's like $6, 6.50 a month, and you can add a little HIPAA rider on there. If you literally Google make my Google HIPAA compliant, it'll lead you to the little form that you just have to read and click a button on, and then your account will be HIPAA compliant.

All my intake forms are handled via Google Forms and it's all HIPAA compliant. It all stores in my Google Workspace. So yeah, if you're not using a scheduling system that has all that embedded, Google is a really good option for you. There's probably a whole bunch of others, but I use Google for everything. I've said it before. I'll say it again. Because if the whole world implodes and all of my business information gets lost, if it's in Google, that means 90% of the world's business information is going to get lost, so I'm not going to be the only one.

Michael Reynolds:

Yeah, it's a zombie apocalypse at that point.

Allissa Haines:

Yeah, right. I remember now every so often there's a day where Google email goes down for two hours for half the country. I like that whole half of the country's like, "Oh, well." And everybody understands because everybody's in that boat. So anyhow, I love that. So that's my feeling on that. Take it or leave it.

So dear listener, thank you for asking this question. I hope that we've given you a little bit of information to move forward with, although it sounds like you're probably all set within the system that you're using. If you want to explore any of the resources that Michael has mentioned, you can certainly do that. The podcast notes are always available on our website, massagebusinessblueprint.com. There's a podcast page. You can just look for this episode number, which is 460, and you'll see there's resources there.

Michael Reynolds:

Awesome. Marcy had a comment related to Jane, our previous sponsor saying, "Jane allows you to upload docs and images directly into client profiles. Great feature, should be HIPAA compliant?" I would venture to say yes. I'm making an assumption that Jane's system is encrypted, that it's SSL, that it's all doing the right things for encrypting data going in and out. So assuming that's the case, then yes, I would agree with you. That should be HIPAA compliant.

Allissa Haines:

Yeah, I think it is. I feel like skimming through all of our podcast notes or ads for them, but anyhow. Yeah, I think it is.

Michael Reynolds:

Yeah. Awesome.

Allissa Haines:

They're hardcore, they're not messing around.

Michael Reynolds:

Yeah.

Allissa Haines:

What's next, Michael?

Michael Reynolds:

All right, great tips. Thanks, Allissa. What is next is a shout-out to our friends at ABMP.

Allissa Haines:

Yay, ABMP. Let's talk about their apps, because I love them and I use them at least once a week in my massage practice. They have two apps. There's the ABMP Five Minute Muscle app, and the ABMP Pocket Pathology app. You can learn about both of them at abmp.com/apps. Both are quick reference apps designed to help you quickly find information you need to make a decision for session planning, or use outside of a session to just refresh muscle and pathology knowledge. Five Minute Muscles includes muscle specific techniques and palpation videos for the 83 muscles most addressed by professional MTs, they use progressive web app technology in order to take up less space on your phone or device.

These apps are included with ABMP membership. If you're not a member, you can check out demos at abmp.com/apps.

Michael Reynolds:

Thanks, ABMP. All right, you've got a quick tip today.

Allissa Haines:

I do have a quick tip today. Sorry, I just got to flip back to that page. Okay, you know I like to tell a story because that always helps people remember my things more or it makes me enjoy telling the story more. I don't know. So, I have decided that a lady of my age and station needs to upgrade her wardrobe and just in general life a little bit, I started this couple years ago upgrading my skincare products. And also I have to go to a family event next month. My grandfather's turning a hundred. Isn't that so baller?

Michael Reynolds:

Wow.

Allissa Haines:

I know, right? So I'm traveling to Illinois to do this family gathering thing, and I'm already feeling a little weird about it, because I know I'm going to be the only one taking any COVID precautions, and the only one wearing a mask all the time. So I have decided that to take some of my... And also my wardrobe is crap because I've been nowhere for years now. And even before that, once I stopped going to conventions and stuff, I stopped buying nice clothes. So I'm getting myself a few wardrobe items, and I'm doing a little bit of online shopping and such, and I'll do some casual shopping and then I won't be able to go back and find what I needed. But I was like what I thought I'd liked, so I was doing pretty good about setting up Pinterest boards and stuff, but there's been a couple of times where I could not backtrack or remember the name of the company that I was wanting to buy something from.

So I realized I can use my browser history, so I would go into my Chrome browser history and you can search in there. So I could just search for the word skirt, or I was looking for a wool dress, there was a company that sells these wool products. I totally ordered a dress yesterday. And I couldn't remember the name of the company, so I literally just searched my browser history for wool dress, and totally found what I needed. So I've been doing that more lately thinking like, "Oh, I came across that, I didn't bookmark it properly. What do I need to find it?" And I go into my browser history and I find it. So that's my quick tip for everyone today.

Michael Reynolds:

Game changing.

Allissa Haines:

Right? I'm going to fix my camera because it's annoying me, even though there's not much of this episode left. I have to get really close to it and then back up. Still a little fuzzy, but at least it's better.

Michael Reynolds:

It's a very skittish camera you have.

Allissa Haines:

I have a weird camera, and it's my fault because you told me which one to buy, and I bought the one that's one level down from it. Totally on me. I was being cheap. Okay, I'm all done. Wrap it up.

Michael Reynolds:

Awesome. All right, well, thanks everyone for joining us today. We appreciate you being a listener and a viewer for those who join us live as well. So you can find us on the web at massagebusinessblueprint.com, and feel free to email us. The email address you may ask is podcast@massagebusinessblueprint.com, and we love to hear your questions. So with that, thanks again for being here. Have a great day. We will see you next time.

Allissa Haines:

Bye.