What are the New Requirements for Texting in Compliance with HIPAA?
New HIPAA compliant texting requirements were introduced by the Final Omnibus Act of 2013 which related to the conditions under which it was permissible to communicate electronic protected health information (ePHI) between healthcare professionals and other HIPAA covered entities.
The requirements for texting in compliance with HIPAA are categorized into three sections – physical safeguards, technical safeguards and administrative safeguards – and each of these safeguards must be fulfilled in order for the communication of ePHI to be HIPAA compliant over any electronic channel.
Best practice policies must also be established to instruct healthcare professionals and other HIPAA covered entities on the procedures for the use, disclosure and safeguarding of ePHI – and to guide them on when and how to use any solution that is implemented to communicate ePHI in compliance with HIPAA.
HIPAA Compliant Texting Requirements – Physical Safeguards
The physical requirements for texting in compliance with HIPAA concern access to the physical computer systems on which ePHI is maintained and the environment in which the computer systems are located.
Responsibilities included in the physical safeguards include establishing a faculty plan and a contingency plan in the event of an emergency, and introducing validation procedures in order to authenticate the ID of personnel who have physical access to the computer systems.
HIPAA Compliant Texting Requirements – Technical Safeguards
The technical requirements for texting in compliance with HIPAA are those which are most relevant to communicating patient information securely, as they cover the procedures and controls that have to be implemented in order to protect ePHI when it is in transit.
The technical safeguards include implementing a secure messaging platform through which messages are communicated securely and assigning unique usernames and passwords to authorized users so that their activity on the secure server can be monitored.
HIPAA Compliant Texting Requirements – Administrative Safeguards
The administrative requirements for texting in compliance with HIPAA require that a system administrator is appointed to implement policies and procedures to “prevent, detect, contain, and correct” potential breaches of ePHI.
This means that healthcare professionals must be trained on how to use the secure messaging platform that is introduced, and advised of the sanctions that apply should they be responsible for a breach of sensitive patient data.
Other Requirements for Texting in Compliance with HIPAA
The full text of the Health Insurance Portability and Accountability Act (HIPAA) would take up many pages on this web site, and therefore we have compiled a “HIPAA Compliance Statement” which elaborates on the most important requirements for texting in compliance with HIPAA not included in the category descriptions above.
Our white paper also discusses relationships with business associates, encryption and decryption requirements, risk management analysis, data backup plans and access authorization; and, if there is any element of the HIPAA compliant texting requirements you remain unsure about, please do not hesitate to contact us.
How TigerText Fulfills the Requirements for Texting in Compliance with HIPAA
TigerText is the market leader in secure text messaging solutions, and enables texting in compliance with HIPAA by allowing authorized users access to ePHI via an encrypted and secure messaging platform.
Authorized users can access ePHI once they log into the application, downloaded onto their mobile device or accessed via the web on their desktop computer. The application has an SMS-like interface to allow users to easily implement and adapt the solution into their daily workflow.
Administrative controls exist on the secure platform to maintain security and integrity of any communicated ePHI, and allow administrators to maintain staff usage and ensure compliance in case of a lost or stolen device.
TigerText´s secure text messaging solution fulfills the administrative HIPAA compliant texting requirements by producing access reports in order that administrators can monitor usage of the platform and ensure that all texting is carried out within best practice policies.
The controls on the platform allow administrators to preset message “lifespans”, to remotely delete or retract any text message that may result in a breach of ePHI, or remotely wipe an authorized user from the system if their mobile device is stolen, lost or otherwise disposed of.
All text messages are configured to travel within a defined network, and users must authenticate their ID with a unique username and password accessing or sending any text message containing ePHI. Further controls to protect the integrity of ePHI prevent the copying and pasting of message contents or the forwarding of messages outside of the network.
The Benefits of HIPAA Compliant Texting
Many of the functions of TigerText´s secure messaging solution were originally developed in order to comply with the HIPAA compliant texting requirements; and, as the TigerText apps work in any location where a 3G or Wi-Fi service exists, there has also been a number of benefits derived from texting in compliance with HIPAA.
- Medical professionals can receive ePHI “on the go” with HIPAA compliant texting, access lab results, images and x-rays, collaborate with other medical professionals, arrange for the administration of treatment and accelerate patient discharges.
- Doctor-nurse communications are enhanced with secure texting when patient consults are required due to read receipts reducing the amount of time that is wasted playing phone tag and enabling doctors and nurses to use their time more productively.
- In locations away from a medical facility, home healthcare professionals can escalate patient concerns with secure texting, prescription orders can be filled quicker with secure texting, and emergency services personnel can accelerate admissions with secure texting.
In each of the above scenarios, fulfilling the requirements for texting in compliance with HIPAA frequently results in streamlined workflows, increased efficiency and an enhanced standard of healthcare received by patients. “Real life” examples of TigerText´s secure messaging solution improving productivity in a cost-effective manner can be found among our case studies.
Speak with TigerText about HIPAA Compliant Texting Requirements
TigerText is the leading provider of secure messaging solutions, and our HIPAA compliant messaging solutions are implemented in more than 4,000 medical facilities. Each month over 150 million secure messages are processed through our servers; helping healthcare organizations to streamline workflows, increase efficiency and enhance the standard of healthcare provided.
As mentioned above, we have compiled a “HIPAA Compliance Statement” which you are invited to download and read for further information on the requirements for texting in compliance with HIPAA, or you are welcome to contact us with any questions you may have relating to the HIPAA compliant requirements or to arrange a free demonstration of TigerText in action.