The Final Omnibus Rule of March 2013 introduced new HIPAA laws and texting practices to update the existing Health Insurance Portability and Accountability Act 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act 2009 (HITECH).
These new HIPAA rules and texting practices apply to healthcare workers, health insurance providers and employers who provide health insurance for their employees covered by HIPAA, and – for the first time – third-party service providers to the health insurance industry (also known as “business associates”).
The new legislation was introduced to reduce the risk of personal health information being compromised during the sending or receipt of patient data via text messages, or while personal health information was stored on a mobile or portable device (tablet, smartphone, cell phone, etc.).
Studies had indicated that more than 80 percent of healthcare workers use mobile or portable devices to access personal health information and communicate with each other about their patients, while more recent research revealed that 66 percent of security breaches reported to the United States Department for Health and Human Services over the past two years were due to mobile devices being lost or stolen.
As the potential for personal health information breaches had increased significantly due to technological advances and changes in working practices since the original Health Insurance Portability and Accountability Act was brought into law in 1996, new HIPAA laws and texting practices were introduced to address issues that may not have been considered when the original Act was enacted almost two decades ago:
It is important to note that the new HIPAA laws about texting “require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information” and the failure to comply with the new legislation could result in criminal and/or civil charges being brought.
The number of personal health information breaches that have been recorded since 2009 are of particular concern to the Office of Civil Rights (part of the United States Department for Health and Human Services). The office has recorded security breaches affecting more than 22.8 million patient records and, as mentioned above, 66 percent of those were attributable to lost or stolen mobile devices.
The major issue which is hoped to be resolved by the new HIPAA safeguards about texting is controlling who has access to personal health information, how it is communicated and how it is maintained securely when it is received on a mobile device. As business associates would also need access to personal health information in the course of their business, this is the reason why they have been included in the new HIPAA rules and texting regulations.
The new HIPAA laws and texting regulations focus primarily on protecting patient privacy: but there are also other regulations within the Final Omnibus Rule that all organizations and individuals who have access to personal health information should be conscious of, in the event that sensitive data appears to have been compromised:
The new HIPAA laws about texting ban the selling or marketing of personal health information without obtaining prior permission from patients.
The most straightforward way of complying with the new HIPAA laws and texting guidelines is to have all mobile device users within your organization use the secure messaging platform from TigerText. TigerText´s secure messaging platform is a cloud-based SaaS software application (“software as a service”) that requires no user training or complex integration before compliance with the HIPAA rules about texting is assured.
The TigerText platform allows organizations and individuals to send and receive text messages containing sensitive patient data via a secure virtual private network, which fully complies with the new HIPAA safeguards and texting guidelines and ensures the integrity of personal health information.
Furthermore, the TigerText secure messaging platform increases efficiency among individuals who use the network as a confirmation system, relaying when text messages have been received and read, which saves time on follow-up calls and secondary text messages between individuals who are using the system.
TigerText is the leading provider of secure messaging solutions, and our HIPAA compliant messaging solutions are implemented in more than 4,000 medical facilities. Each month over 150 million secure messages are processed through our servers; helping healthcare organizations to streamline workflows, increase efficiency and enhance the standard of healthcare provided.
As mentioned above, we have compiled a “HIPAA Compliance Statement” which you are invited to download and read for further information on the requirements for texting in compliance with HIPAA, or you are welcome to contact us with any questions you may have relating to the HIPAA compliant requirements or to arrange a free demonstration of TigerText in action.
TigerText provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerText’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.