Changes to the Health Insurance Portability and Accountability Act (HIPAA) of 1996 have opened the door for a great conversation around the question of texting and compliance. Is HIPAA Compliant Text Messaging Safe? Standard SMS texting that everyone has on his or her mobile phone is not HIPAA compliant. It is really only when specific administrative, physical and technical safeguards are in place through a secure texting solution that texting can even begin to pass HIPAA requirements. Even then, those safeguards must ensure “the confidentiality, integrity, and security of electronically stored or transmitted private health information.”
As you read through the following article, you’ll gain a better understanding of the safeguards required in order to ensure that text messages sent or received through and stored on a secure HIPAA compliant text messaging app comply with these new regulations.
Healthcare professionals, health insurance providers, and third-party service providers who have access to private health information (PHI) all fall under the rules of HIPAA.
Since such covered entities vary in size, it is vital that these organizations train their entire staff on HIPAA regulations and enforce those regulations across the entire organization. This often includes subcontractors, who must be trained on the proper handling of all PHI as well as the consequences of data breaches. If proper training and evaluation of your existing text messaging system are not implemented and taken seriously, the result could be severe penalties ranging from hefty fines and dismissal from your job to legal action and criminal charges.
The new revisions of HIPAA recognize that PHI is communicated and accessed using mobile devices in today’s healthcare environments.
With such technologies, the danger and imminence of a PHI breach increase dramatically. This is multiplied even further by the ubiquity of individuals using Wi-Fi and open cell phone networks. An additional risk exists with the threat of loss or theft of mobile devices and laptops. Because of these risks, secure texting is only considered HIPAA compliant when the following conditions exist:
The organization that houses and handles private health information controls who has access to that PHI and how that information is used. These are set by pre-determined processes and procedures that meet HIPAA guidelines.
Risk assessments are routinely conducted in order to assess the integrity of PHI and identify any potential threat that may exist. Procedures are also to be established for when a breach occurs.
Encryption and physical data protection must be in place for those users who rely on their personal devices (mobile, laptops, etc.) to share PHI or to access that data for professional use.
A policy covering the loss or theft of a device must be in place to cover such scenarios. This policy should also cover those users who wish to dispose of their personal device so that PHI can be wiped remotely.
A system is put in place to prevent the insecure storage of PHI on mobile devices used by both employees and subcontractors.
We hear it all the time from providers just like you: “My doctors and nurses are texting. Help!” If you don’t already have a HIPAA compliant text messaging app in place, then most likely you’re already on thin ice when it comes to complying with HIPAA regulations. What makes such apps “secure” is the encryption of messages being sent between the sender and recipient. Complete end-to-end encryption is most secure, so that no PHI access is available to the secure texting vendor or the mobile network provider. In addition, authentication of users must be enforced to access secure texting apps. With enterprise solutions, users of such apps are managed by administrators and can be added and deleted manually or by using databases such as Active Directory to automatically manage this process.
QliqSOFT’s HIPAA compliant text messaging app relies on a three-pillar approach to security. To start, we rely on our exclusive Cloud Pass-Thru technology. We never store PHI in our cloud servers, which drastically reduces the risk for our customers. Our approach to encryption is end-to-end, utilizing individual public/private key encryption for each and every user of the app. Only the intended recipient can decrypt messages. No one else can, including QliqSOFT. Finally, an archive of every sent and received message is maintained in your control behind your firewall, and we firmly believe that this data should never be held hostage by a vendor.
Learn more about our HIPAA compliant text messaging solutions and patient communication platform.