What is HIPAA and Where is it Taking Health IT


Apr 21, 2016 Jonathan Lyons, Senior Manager of Business Development

The Health Insurance Portability and Accountability Act (HIPAA), a law passed in 1996, requires (among other things) that healthcare information be handled confidentially. HIPAA’s privacy regulations require that all protected health information (PHI) — like medical records or payment details — and personally identifiable information (PII) — like phone numbers and social security numbers — remain secure and confidential.

Healthcare facilities often need to send and receive messages regarding appointments, diagnoses, and other important processes that contain patients’ identifying details and medical information. To comply with HIPAA, the PHI and PII in these messages must be transmitted securely.

Our secure, ephemeral messaging application lets hospitals and other healthcare organizations comply with HIPAA. Every TigerConnect message is encrypted at rest on all associated devices and servers and is transmitted securely using TLS. Additionally, every message has a configurable lifespan ranging from 1 minute to 30 days, and the message disappears entirely from the TigerConnect platform once the prescribed lifespan has been reached. With this security, patients can feel safe trusting their providers, and organizations can use messaging to deliver better care.

Health IT companies provide applications to manage medical data and to facilitate communication among medical professionals and their patients and, increasingly, between the various systems and applications that generate or act on medical data behind the scenes. All of this communication must comply with HIPAA, which means that any information stored or exchanged on their applications must not become available to anyone but the intended viewers, and must be secured both at rest and in transit. TigerText’s TigerConnect platform lets these companies build secure messaging into their applications to maintain users’ trust and avoid legal problems.

Building on a platform like TigerConnect saves health IT companies many of the hassles of building from the ground up. HIPAA compliance is a complex technical challenge that cannot be surmounted through a secure deployment environment or storage solution alone. It requires that push notifications do not display protected data and that users decide where information is stored, among many other considerations. Creating HIPAA-compliant software requires knowledge of both the law and the highly specific software development involved, and it can take years and cost hundreds of thousands of dollars.

Given the concerns many people have regarding their privacy and the regulations currently in place to keep their information confidential, health IT cannot operate in a vacuum. In order to comply with the law, applications containing PII and PHI must implement secure ways of storing and sharing user data.

Visit TigerConnect’s website or read about how TigerText stays HIPAA-compliant to learn more about how you can keep the information in your application confidential without expending the resources to build secure messaging yourself.