How Home Health Companies Struggle with HIPAA Compliance & What They Can Do About It Today

Posted: Sep. 29, 2021

Each year, healthcare data breaches increase by a whopping 25%, reaching 29 million patient record breaches in 2020. These breaches primarily involve digital data, and are due to organizations’ inability to adequately provide and maintain technical safeguards for their employees and patients.

How HIPAA disproportionately impacts the bottom line for Home Health companies

Home health companies in particular struggle to erect safeguards, as they typically deal with tighter budgets than hospitals and in-patient facilities and often don’t have the resources to implement and provide higher levels of security and compliance. In addition, providing services through a remote workforce poses unique security challenges. Hackers and data criminals are aware of these logistical struggles, and target their attacks on home health care companies.

One particularly risky area hackers focus on is a company’s distributed communications infrastructure. When home health workers use their personal devices to exchange PHI, providing the necessary protections and enforcing security policies becomes incredibly difficult for the company. Without addressing the technological needs of their distributed workforce, mitigating the risk of HIPAA violations and ensuring compliance proves burdensome and costly.

There are measures that home health companies can take to prevent violation penalties that can cost up to $50,000.



Provide secure solutions that help prevent HIPAA violations

Every home health company must meet 4 HIPAA Privacy Rule requirements:

  1. Protect & Store Patient Health Information (PHI)
  2. Securely Transmit Health Care Records to Insurance Providers & Approved Third Parties
  3. Reduce Fraud in the Health Care System
  4. Standardize Information for Electronic Billing and Health Care Information

Implementing communications infrastructure that supports the Privacy Rule is more difficult than it sounds, especially when companies have weak or nonexistent mobile device policies. With nearly 60% of medical professionals now using their personal mobile devices, there is a considerable risk of patient health records being accessed by unauthorized personnel.

Technical requirements in the HIPAA Security Rule

HIPAA's Security Rule details multiple technical requirements that companies must address to ensure compliance. Prominent examples include:

  • PHI must be encrypted upon transmission and storage
  • Access to PHI must be authenticated and re-authenticated on a periodic basis
  • Credentials must not be shared, so that they can be used to uniquely identify access requests for PHI

Traditional means of communications cannot adequately cover these three simple requirements, let alone the more rigorous requirements detailed in the HIPAA Security Rule. When data is sent back and forth via traditional means (phone calls, text messages, or emails), PHI cannot be securely protected.

Avoid costly device investments & choose secure communication software

One way home health providers can meet the various technical and security challenges that HIPAA exposes is to provide home health workers with secure devices and/or software for communication. Having a mobile device management policy that includes secure hardware and/or software can streamline and protect PHI in the home health field.

Investing in secure hardware and provisioning it to your remote staff is expensive, difficult to oversee and maintain, and an outdated approach. A hardware and software vendor that meets the specific regulatory requirements set forth by HIPAA and HITECH can be difficult to find, assess, and afford.


At Notifyd, we understand the strain, costs, and limitations that home health companies experience when trying to boost their infrastructure security and stay HIPAA compliant. That’s why we’ve created all-in-one, protected communication software specifically for the home health industry.

With the Notify app, providers cut out the need for sharing PHI via mail, phone, email, and SMS. All communication can be done through Notify’s encrypted platform, with features like:

  • Information Notification & Follow Up
  • Revoke Access to Information as Necessary
  • Secure Photo, Document, & Video Sharing
  • Audit & Manage Conversations for Quality Control
  • Miscommunication & Conflict Systems

If your home health company is at risk for violating HIPAA requirements, you can save time and money today by speaking with one of our account executives about the Notifyd onboarding process and what it can do for your organization.

No multi-thousand dollar investment into company-wide infrastructure, no expensive dedicated IT department, no painful retraining of personnel: just simple, HIPAA-compliant software at the touch of a button.