The U.S. Department of Health and Human Services´ Office for Civil Rights (OCR) is the body responsible for conducting HIPAA audits, and texting electronic protected health information (ePHI) is one of the processes the OCR investigates particularly deeply.
In 2011, the OCR conducted a series of compliance assessments and found almost two-thirds of HIPAA covered entities failed to meet the conditions of the audit protocol in relation to the exchange of ePHI, administrative controls and risk assessments.
With the use of mobile devices in medical facilities increasing significantly over the past few years, it is essential that healthcare organizations are prepared for HIPAA audits (*) and are texting in compliance with the administrative, technical and physical safeguards contained within the HIPAA Security Rule.
(*) In February 2014, OCR announced it is to survey 1,200 HIPAA covered entities in order to prepare for a new round of compliance assessments.
Secure texting platforms address the issues raised in the 2011 compliance assessments by maintaining ePHI on a secure server, which authorized users can access via an application that can be downloaded onto personal mobile devices and desktop computers.
The secure texting application mirrors the interface of SMS, and enables the secure communication of ePHI within an organization´s defined network. To ensure security, the secure messaging platform is configured to prevent the user saving ePHI to their mobile device, copying and pasting confidential patient data, or forwarding messages containing ePHI to recipients outside of the network.
Administrative controls can remotely remove a mobile device from the network if it is lost by its owner, stolen or otherwise disposed of, and delete any messages which could result in a breach of ePHI if they were intercepted and decrypted.
All usage of the secure messaging platform is monitored in compliance with the HIPAA audit protocol, and automatically generated audit logs help system administrators to conduct risk assessments quickly and accurately.
TigerText is the market leader in secure texting solutions, and our platforms are implemented in more than 5,000 facilities to assist healthcare organizations with HIPAA compliance, HIPAA audits and texting securely.
We have prepared a free white paper – “The Top 5 Takeaways from HIPAA Omnibus Audits” – which you are invited to download and read, and which provides advice on assessing the security of your organization´s exchange of ePHI to prepare for HIPAA audits.
Areas also covered in the white paper include evaluating vendors of secure texting solutions to ensure the mechanism you select is capable of secure texting to HIPAA audits standards, and so that if work practices change, technology advances or further legislation is introduced, the selected secure texting solution is sufficiently flexible to remain HIPAA compliant.
Due to our extensive experience in processing secure text messages we can also provide healthcare organizations with advice on establishing best practice policies to guide staff on the use of the secure texting solution and help to develop procedures for how to deal with a breach of ePHI – something which is unlikely to occur with a TigerText secure texting solution, but which features on the OCR´s audit protocol.
Passing the standards established in the OCR´s audit protocol not only ensures the integrity of ePHI, but often results in healthcare organizations seeing increased productivity through streamlined workflows and enhanced efficiency.
One of the features of TigerText´s secure texting solution is instant delivery notification when a secure message has been received by the recipient. This translates into a higher standard of healthcare and patient satisfaction, as medical professionals no longer have to play phone tag with their colleagues and are able to spend more time with their patients.
There are many medical scenarios in which the introduction of secure texting for HIPAA audits can streamline workflows and enhance efficiency to increase the standard of healthcare provided to patients, for example:
Other benefits of passing the OCR´s audit protocol for HIPAA audits and texting in compliance with HIPAA include when home healthcare professionals need to escalate patient concerns securely, when telemedicine doctors need to receive ePHI securely “on the go”, and when emergency personnel need to access ePHI in urgent situations without risking a breach of confidential patient information.
The next round of HIPAA compliance assessments will provide OCR with an opportunity to examine the different mechanisms that healthcare organizations have implemented to comply with HIPAA, identify the best practices that are being applied to those mechanisms and look for new risks and vulnerabilities. Healthcare organizations can stay ahead of future legislative changes that OCR introduces by discussing secure texting and HIPAA audits with TigerText.
TigerText has a “technology vision”, and to maintain our position as the market leader in secure texting solutions, we dedicate a significant quantity of research and development resources to ensure that our secure messaging platform and features do not become stagnant and will always enable healthcare organizations to pass HIPAA audits while texting securely.
There is no way of avoiding a HIPAA audit if you are selected by OCR and it is always better to be prepared than to have an unexpected visit from an OCR auditor. Therefore, you are invited tocontact us to discuss any issues you may have about secure texting and HIPAA audits, or request a free demo of how TigerText´s secure texting solution can safeguard the integrity of ePHI and increase productivity through streamlined workflows and enhanced efficiency.
TigerText provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerText’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.