HIPAA Guidelines for Texting

Frequently Asked Questions

 

The New HIPAA Messaging Guidelines

New HIPAA messaging guidelines were introduced in the “Final Omnibus Rule” of March 2013, with implications for healthcare professionals, health insurance companies, and employers who provide HIPAA-covered health insurance to their employees.

For the first time ever, the HIPAA SMS guidelines also apply to “business associates” (vendors such as fund administrators, brokers, and managers) who must now sign a Business Associate Agreement to access the patient health information they need to run their businesses efficiently.

The new HIPAA guidelines for texting became effective in September 2013 to allow sufficient time for organizations and individuals to revise their existing Business Associate Agreements and for policies and procedures to be revised where necessary.

Why Were New HIPAA SMS Guidelines Needed?

New HIPAA SMS guidelines were needed to eliminate the risk of patient health information being breached during the transmission or receipt of sensitive data, or while such data was maintained on a mobile device (cell phone, tablet, smartphone etc.).

Research had shown that more than 80 percent of physicians use mobile devices to communicate with their patients or access patient health information, while a further study revealed that 66 percent of patient health information breaches were attributable to mobile devices being lost or stolen.

The potential for breaches of patient health information has increased significantly since the original Health Insurance Portability and Accountability Act was enacted in 1996, when issues such as the following may not have been considered:

  • Few mobile device owners use passwords to protect sensitive information stored on their mobile devices. The lack of security on many mobile devices raises the risk of any patient health information stored on them being compromised.
  • Sensitive data that has been transmitted or received on personal mobile devices is rarely encrypted. Consequently anybody who finds or steals the mobile device could access the information stored on it.
  • Mobile device owners who communicate with patients or transmit/receive patient health information are at risk of their communications being intercepted and compromised when they use public Wi-Fi or unsecured cellular networks.

Consequently, the new guidelines for texting have brought the existing Health Insurance Portability and Accountability Act 1996 (HIPAA) up to date and revised the Health Information Technology for Economic and Clinical Health Act 2009 (HITECH) to account for advances in technology and changes in clinical work practices.

It is important to note that the HIPAA messaging guidelines “require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic patient health information” and that the failure to comply with the HIPAA guidelines for texting can result in criminal and/or civil legal action.

What are the New HIPAA Guidelines for Texting?

Breaches of patient health information are of the biggest concern to the Office of Civil Rights (a branch of the US Department for Health and Human Services), which, since the Breach Notification Rule was introduced in 2009, has recorded breaches of patient health information affecting more than 22.8 million patients.

 

The major issue that the new HIPAA SMS guidelines are intended to solve is controlling who has access to patient health information and what they do with it, which is why the new HIPAA guidelines for texting now also apply to business associates.

The focus of the HIPAA SMS guidelines is to protect patient privacy, but there are some other points within the Final Omnibus Rule that all organizations and persons who have access to patient health information should be aware of:

  • The new HIPAA guidelines for texting prohibit the marketing or selling of patient health information without getting permission beforehand from the patient.
  • Patients have the option of withholding details of any healthcare they have paid for privately from a health insurance company.
  • Organizations have to conduct risk assessments periodically to ensure that they comply with the latest HIPAA SMS guidelines.
  • Organizations and persons with access to patient health information should also amend their reporting procedures in the event that a suspected security breach occurs.
  • Patients (and in certain circumstances the Office of Civil Rights) must be notified within 60 days if a breach of patient health information is discovered.

How to Comply with the New HIPAA Messaging Guidelines

The simplest way of complying with the new HIPAA text messaging regulations is to take advantage of the secure messaging platform from TigerConnect. TigerConnect enables organizations and individuals to communicate via a secure virtual private network which fully complies with the new HIPAA messaging guidelines and ensures the integrity of patient health information.

TigerConnect’s secure messaging platform is a cloud-based software application which requires no hardware or training before users can start communicating via the program, and it also provides users with instant notification once messages have been received and read to save time on follow-up calls/SMSs to ensure that communications have been understood.

If you would like to know more about TigerConnect’s secure messaging platform – and how it complies with the HIPAA guidelines for texting – you are invited to download our white paper Top 7 HIPAA Omnibus Preparations Brief which will provide more information about both the Final Omnibus Rule of March 2013 and how you can avoid any unintended breach of patient health information.

  • Few mobile device users have password protection on sensitive information stored on the mobile devices. The lack of (applied) encryption on mobile devices raises the issue that any user of the device could access protected health information stored on it.
  • Typically, protected health information transmitted, received or maintained on personal mobile devices is not encrypted. Consequently anybody in possession of the mobile device could access the data stored on it.
  • Cell phones, smartphones and tablets that use public Wi-Fi or unsecured cellular networks to communicate with patients or transmit/receive protected health information are at risk of their communications being intercepted and compromised.

It is important to note that the HIPAA text messaging regulations contained within the Security Rule section of the Act “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically transmitted protected health information.”

How To Comply With The New HIPAA Text Messaging Regulations

The most secure way of complying with the new HIPAA text messaging regulations is to integrate the secure messaging platform from TigerConnect into your existing channels of communication. TigerConnect enables users to communicate via a secure virtual private network which fully complies with the new HIPAA text messaging regulations.

The TigerConnect secure messaging platform is a cloud-based software application which requires no hardware or installation before users can start using the program, and it quietly replaces existing channels of communication with an encryption process which ensures the integrity of protected health information.

TigerConnect’s Secure Messaging Platform in Action

Among several relevant case studies which demonstrate the benefits of TigerConnect’s secure messaging platform, one which highlights secure messaging as being more effective for the communication of protected health information than email concerns Eagle Hospital Physicians.

Eagle Hospital Physicians is a leading physician-services company that needed a secure communication solution to resolve the issue of their telemedicine physicians being located in multiple facilities when workflows had to be prioritized.

Following the implementation of TigerConnect’s secure messaging platform, 100% of Eagle Telemedicine Physicians received all their secure messages via one convenient inbox so that responses could be prioritized and workflows streamlined.

Eagle’s physicians were able to send secure messages in compliance with HIPAA, receive images and documents via TigerConnect’s secure messaging app, and share protected health information between their colleagues securely; while the audit capabilities of TigerConnect’s secure messaging platform made it easy for Eagle’s system administrators to track response times and monitor access to protected health information.

Speak with TigerConnect about Communicating Protected Health Information – Securely

TigerConnect is the market leader in secure messaging solutions, and over 4,000 medical facilities currently use TigerConnect to communicate protected health information securely. TigerConnect’s secure messaging solution is inexpensive to implement and operate, and conforms to all the technical, administrative, and physical safeguards required by the HIPAA Security Rule.

You can find out more about how TigerConnect’s secure messaging solution complies with the HIPAA technical, administrative and physical safeguards in our “HIPAA Compliance Statement”, which you are invited to download and read. Alternatively, you are welcome to contact us and arrange a free demo of TigerConnect’s secure messaging solution in action.

About TigerConnect

TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.