Does Text Messaging Violate HIPAA Guidelines?

How to Send Text Messages within the HIPAA Guidelines

In March 2013, The Final Omnibus Rule enacted regulations within the Health Insurance Portability and Accountability Act (HIPAA) which left many healthcare organizations asking the question “Does text messaging violate HIPAA guidelines?” The answer is that it is possible to send text messages within the HIPAA guidelines, but only under specific conditions.

 

The HIPAA Guidelines for Text Messaging

The HIPAA guidelines for text messaging were introduced due to the increasing number of medical professionals who were using personal mobile devices (Smartphones, laptops, tablets etc.) to access electronic protected health information (ePHI) and communicate it – via text – to colleagues.

A growing risk of ePHI breaches was identified should text messages be sent to the wrong person, or if a medical professional´s personal mobile device that contained ePHI was stolen, lost, or otherwise disposed of. Consequently, it only became possible to send text messages within the HIPAA guidelines when the following conditions were met:

  • When ePHI was encrypted to NIST standards and protected by a secure server within a HIPAA-compliant hosting environment
  • When authorized users were allocated unique usernames and passwords so that access to ePHI could be monitored in compliance with the HIPAA Audit Protocol
  • When messaging solutions introduced to comply with the HIPAA guidelines for text messaging had remote wipe facilities and other features to enhance security
  • When policies were introduced to inform authorized users how to send text messages within the HIPAA Guidelines

The Problem with SMS Messaging

SMS messaging was effectively banned by the changes to HIPAA as SMS text messages containing ePHI can be accessed by anyone, forwarded to anyone and there is no way of deleting them from a recipients mobile device once they have been sent. Furthermore, although ePHI now has to be encrypted, copies of SMS messages can remain on providers´ servers indefinitely – during which time they could be intercepted by unauthorized users.

Generally speaking, SMS is not designed with the highest levels of physical and data security , as senders of SMS messages cannot be absolutely sure that the message has been received and read by the correct recipient, and there is no way that systems administrators can oversee compliance with the HIPAA guidelines for text messaging. Overall, it would be accurate to say that SMS text messaging does violate HIPAA guidelines – in so many ways.

TigerText´s Solution for HIPAA Compliant Text Messaging

In contrast, TigerText has developed a secure text messaging platform which makes the question “does text messaging violate HIPAA guidelines” irrelevant. The platform enables the transmission of encrypted ePHI and viewing within a secure cloud-based platform; which authorized users can gain access to via an on-demand or web application.

The secure text messaging process allows an authorized user to send text messages within the HIPAA guidelines by connecting him or her to the secure cloud-based application, where their message is encrypted. Simultaneously, the intended recipient receives notification of an unread message, and then authenticates their identity to access the encrypted message.

TigerText´s secure text messaging platform allows recording of the communication on an audit log so that system administrators are able to oversee access to ePHI in accordance with the HIPAA Audit Protocol, while TigerText´s remote wipe function can remove ePHI from any personal mobile device if a potential threat to ePHI is identified – or if the personal mobile device is lost, stolen or otherwise disposed of.

Enhance Workflows with TigerText´s Secure Text Messaging Platform

The TigerText secure text messaging platform has additional features which increase efficiency within a healthcare environment, enhance medical professionals´ workflows and improve patient care. As the platform functions across all devices and operating systems, authorized users can securely transmit and receive ePHI in compliance with the HIPAA guidelines for text messaging in a number of medical scenarios:

  • Nurse to doctor communications can be enhanced with secure text messaging
  • Lab results can be delivered by secure text messaging Patient diagnoses can be made “on the go” with secure text messaging Admissions and discharges can be accelerated by secure text messaging
  • Home health flows can be more effective with secure text messaging

Furthermore, TigerText´s secure text messaging platform automatically delivers read receipts as soon as a communication containing ePHI has been accessed – reducing phone tag and eliminating the need for follow-up calls to see if a message has been received – while all information concerning a patient can be automatically integrated into their Electronic Medical Record (EMR).

This allows healthcare professionals to collaborate securely via secure text messaging, enabling decisions relating to a patient´s care to be made faster, pharmacists can confirm prescription orders immediately and the patient receives the appropriate treatment quicker – enabling a reduced recovery time.