In March 2013, The Final Omnibus Rule enacted certain HIPAA rules regarding text messaging. The rules affect everybody who works in healthcare and healthcare insurance (and employers who offer HIPAA-covered healthcare programs for workers), and third parties who provide sub-contracted services to the healthcare industry.
As third party service providers (also known as “associates”) did not previously have to conduct their business in compliance with the legislation, new HIPAA guidelines for messaging were produced – the primary ones being included in this article.
However, as the HIPAA regulations for texting affect different sectors of the healthcare industry in different ways, we have produced a white paper – “Top 8 Secure Messaging Policy Best Practices” – which complements the information in this article, and is also available to download.
In order for organizations and employees within the healthcare industry to be compliant with the new regulations, HIPAA guidelines for messaging have been produced. The most important point of note within the guidelines is that all electronically-stored protected health information (ePHI) must be encrypted to
NIST standards, and maintained on a secure server to which only authorized personnel can have access. This means that if a breach of ePHI occurs, the data contained within the secure server will be indecipherable to any third party who accesses it without authorization.
Also within the HIPAA rules regarding text messaging, healthcare organizations must introduce a centrally-monitored system of secure messaging to replace SMSs, pagers and emails – which are neither “secure” nor HIPAA-compliant – and conduct frequent risk assessments to ensure the integrity of the secure system and HIPAA regulations for texting are being complied with.
As many healthcare professionals use their own personal mobile devices (Smart phones, tablets, PDAs, laptops etc) to access and transmit ePHI, the HIPAA guidelines for messaging insist that it should be impossible for data within the secure server to be stored locally on mobile devices, and there should also be procedures in place for healthcare professionals to report a loss or theft of their mobile device in order that the individual user can be removed from the system of secure messaging, and any sensitive patient data on their mobile device deleted remotely.
The revisions of the HIPAA rules regarding text messaging were primarily intended to prevent the substantial number of ePHI breaches that were occurring each year but, since the HIPAA guidelines for messaging were adopted within the healthcare industry, there has been a considerable number of spin-off benefits – no more so than to patients at the receiving end of improved healthcare services.
Case studies have shown that healthcare professionals have been able to treat patients quicker and more effectively through a secure messaging system than through any other mode of communication. The ability for secure messages to be transmitted across various devices and platforms has created a more efficient workflow – both in the hospital environment and in home health settings – which has resulted in healthcare professionals being able to attend to more patients each day.
Because data on the secure messaging system now has to be encrypted, the convenience of secure texting for healthcare professionals on a personal mobile device has been extended to included open cell phone networks or in areas with a public Wi-Fi service, which before risked a breach of ePHI if a communication was intercepted or compromised.
The benefits seen by organizations from the revised HIPAA regulations for texting have included increased efficiency, cost savings and the substantially reduced risk that they – or an employee, agent or sub-contractor – will be liable for an expensive breach of ePHI.
By following the HIPAA guidelines for messaging, organizations can enable collaboration between team members via their personal mobile devices on important healthcare matters, review audit logs and give messages a pre-determined lifespan so that transmitted ePHI can be deleted after a set period of time, and integrate communications relating to patient healthcare into the patient´s Electronic Medical Record (EMR) automatically – something which had to be done manually when messages were sent via email, pager or standard SMS.
TigerText´s encrypted messaging platform surpasses the HIPAA rules regarding text messaging, with the ability to access and transmit ePHI via a cloud-based “on demand” application. The application has been specifically designed to function in the same way as SMS messaging so that healthcare professionals will find the application simple to understand and easy to use on their personal mobile devices.
Authorized personnel will not be inconvenienced by using TigerText´s messaging platform with it’s easy admin controls and messaging features. There is no complex software to download or training required, and system administrators will find that the platform helps them to maintain control over the integrity of protected health information and ensure compliance with the HIPAA guidelines for messaging.
In order to find out more about TigerText´s encrypted messaging platform – and how it ensures compliance with the HIPAA rules regarding text messaging – please download our free white paper
“Top 8 Secure Messaging Policy Best Practices” or contact us with any questions you may have about the HIPAA regulations for texting.
TigerText provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerText’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.