HIPAA Compliance for Clinical Texting

What You Should Know About HIPAA Compliant Texting in Clinical Environments

Recent changes to the regulations regarding HIPAA compliance for clinical texting were introduced in the Final Omnibus Rule of March 2013 to improve the security of personal patient data and reduce the number of breaches of protected health information (PHI).

The Final Omnibus Rule brought both the existing Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) up to date, and extended the criteria for who was now governed by the revised regulations.

Whereas previously, HIPAA compliant clinical texting regulations had only applied to healthcare professionals, health insurance providers and employers who offered HIPAA covered programs to their workforce, they now apply to anybody who has access to PHI, including fund managers, administrators, brokers and sub-contractors.

Why HIPAA Compliance for Clinical Texting Needed Updating

Prior to the new guidelines for HIPAA compliant clinical texting being introduced, it had been estimated by the Centre for Democracy and Technology that 66 percent of all breaches of PHI were attributable to the loss or theft of a personal mobile device. Due to technological advances and changing work practices, more than 80 percent of healthcare professionals now access PHI or communicate patient data via their mobile devices (according to a study by the Health Research Institute) – although not always within HIPAA compliance for clinical texting.

The use of personal mobile devices (smartphones, cell phones, tablets, etc.) in a clinical environment was identified as a particular risk to the integrity of PHI – especially when sensitive patient data was transmitted on open cell phone networks or accessed within publicly accessible Wi-Fi areas.

Consequently, some tightening of the regulations for HIPAA compliant clinical texting was required to safeguard the privacy and security of patients in HIPAA-covered health programs, and to protect those who inadvertently failed to comply when texting in a clinical setting from the threat of civil legal action.

HIPAA Compliant Texting for Doctors

The new guidelines regarding HIPAA compliant texting for doctors and other healthcare professionals set several criteria which must be fulfilled by healthcare organizations before the organization is within HIPAA compliance for clinical texting.

The revised healthcare messaging guidelines set the criteria for the conditions that should be in place before employees and sub-contractors can access protected health information or transmit/receive sensitive data on their mobile devices (smartphone, cell phone, tablet, etc.):

  • Healthcare organizations must introduce a secure system of HIPAA compliant texting for doctors and other healthcare professionals which is centrally managed and which restricts access to PHI.
  • All PHI stored within the secure system should be encrypted in order to make it “indecipherable, unreadable or unusable” should data be copied without authorization or the system hacked.
  • Checks should be conducted periodically to assess any threats to the integrity of PHI and to ensure that HIPAA compliance for clinical texting is being upheld.
  • A text messaging system should be established which prevents healthcare professionals or sub-contractors from storing PHI locally on their personal mobile devices.
  • Healthcare professionals and sub-contractors should be advised of the procedures to report the loss or theft of mobile devices, so that the device can be removed from the system immediately and the integrity of PHI secured.

How To Ensure HIPAA Compliant Clinical Texting

In order to ensure HIPAA compliant clinical texting, healthcare organizations should implement an encrypted text messaging platform. Encrypted text messaging platforms protect PHI on a server within a virtual private network which only authorized healthcare professionals have access to.

Authorized healthcare professionals can access the PHI data via their mobile devices, and maintain secure communication with other authorized healthcare professionals through the network, provided that they are within range of an Internet signal.

The individual's personal mobile device still operates as normal if the individual wants to use their phone or tablet to keep in touch with friends, surf the Internet or send private SMSs; however, emails should not be used to transmit PHI, as copies of the email messages are made on routing servers as the message is in transit and cannot be permanently deleted.

With a secure and encrypted text messaging platform, administrators have the ability to remove any user remotely from the system should the individual's mobile device be lost or stolen and thereby protect the integrity of PHI stored on the platform.

TigerText and HIPAA Compliant Texting for Doctors

TigerText's encrypted text messaging platform enables HIPAA compliant clinical texting by operating via a secured, cloud-based application. Doctors, other healthcare professionals and sub-contractors who communicate sensitive patient data via their personal mobile devices will find using TigerText little different from their normal texting practices while staying within HIPAA compliance for clinical texting.

As there is no software to download or training required before HIPAA compliant texting for doctors can begin, there is no drain on resources while IT departments set up personal mobile devices or individuals are trained on how to use the application. However, system administrators may need a brief induction to get the maximum benefit from usage reports and to understand the processes which ensure HIPAA compliant clinical texting.

The TigerText encrypted text messaging platform also has additional benefits which increase efficiency, reduce costs, and improve the level of healthcare provided to patients:

  • Authorized healthcare professionals are able to communicate simultaneously and collaborate on a patient's care when using TigerText, even when they are many miles apart.
  • Delays no longer occur waiting for colleagues to log into messaging accounts when TigerText is used for HIPAA compliant clinical texting on personal mobile devices.
  • Automatically generated read receipts provided by TigerText save time and money by eliminating follow-up calls to ensure that text messages have been received.
  • Quick and secure HIPAA compliant texting for doctors enables fast decision-making when patient data is required urgently to provide the most suitable healthcare.