HIPAA Regulations for SMS

The HIPAA Regulations for Text Messages Have Changed

The HIPAA regulations for SMS texting of protected health information (PHI) changed in 2013 when the Final Omnibus Rule enacted legislation within the Health Insurance Portability and Accountability Act (HIPAA). Due to the increased number of medical professionals using personal mobile devices in the workplace (PDAs, laptops, smartphones, etc.) and changing work practices, risks to the integrity of PHI were identified that the new HIPAA regulations for text messaging would prevent.

Complying with the HIPAA Regulations for Texting

In order to comply with the HIPAA regulations for texting, technical, physical and administrative conditions have to be fulfilled to avoid the risk of a PHI breach. We have listed a selection of these conditions below, but the list is not comprehensive and not all the conditions will apply in certain circumstances.

Organizations who are unsure whether the new regulations apply to them should consult the following section (“Who do the HIPAA Regulations for SMS Apply To?”) or contact us to speak with a TigerText representative and discuss your specific situation. The conditions for complying with the HIPAA regulations for texting include:

Technical Regulations

  • Security measures must be implemented to prevent unauthorized access to PHI that is being sent or received in areas of public Wi-Fi or on open cell phone networks.
  • Systems introduced to ensure compliance with HIPAA regulations for text messages must be able to produce audit logs so usage can be monitored by system administrators.
  • Messaging systems must also have the function of remotely deleting text messages should they be sent to the wrong person or when a mobile device has been lost, stolen, or otherwise misplaced.

Physical Regulations

  • Security procedures must be put in place to ensure that ePHI cannot be destroyed or improperly altered, or saved to an external hard drive, desktop computer or mobile device.
  • All PHI must be encrypted and only accessed on a secure network, with authorized users assigned unique names or numbers to confirm their identity.
  • Any risk of unauthorized physical access to the server(s) – including hacking into the server(s) containing the encrypted PHI – must be identified and eliminated.

Administrative Regulations

  • System administrators must be appointed to oversee policies which comply with the HIPAA regulations for text messages.
  • Authorized users must be advised of these policies and any sanctions that may be applied should the terms of the policies be violated.
  • Frequent risk assessments should be carried out to ensure that authorized users are complying with the HIPAA regulations for texting.

Who do the HIPAA Regulations for SMS Apply To?

The changes to the HIPAA regulations for SMS messaging extended who must comply with the mandated best practices. In addition to medical professionals, health insurance providers (including employers), health insurance clearing houses (including fund managers), and any subcontractor, “associate”, or third-service provider who has access to PHI (*) is now also subject to the HIPAA regulations for texting.

(*) Protected health information is frequently abbreviated to “PHI” (or “ePHI”) and is defined as “any information about the provision of healthcare, a patient's health status, or payment for healthcare that can be linked to a specific individual”. There are eighteen “identifiers” (such as photographs of a patient, their telephone number or social security number) that are classified as PHI and covered by the HIPAA regulations for SMS.

The TigerText Solution

The new HIPAA regulations for text messages have caused a few issues for organizations that have existing communication systems which are not HIPAA-compliant, but which would be potentially expensive to convert. TigerText's secure text messaging system integrates seamlessly with most existing systems by allowing authorized users to access or transmit PHI through a secure encrypted network.

The TigerText application surpasses the technical and physical conditions needed to comply with the HIPAA regulations for SMS messaging. The application automatically generates read receipts to confirm that messages have been received, and produces audit logs to monitor usage by authorized users.

The secure text messaging system has been specifically designed by TigerText to function in a similar way to sending and receiving SMS messages, so that authorized users will have no difficulty in adapting to the new HIPAA regulations for text messages and can start using the system without training.

The Benefits of Complying with the HIPAA Regulations for Texting

Organizations that have already implemented secure text messaging systems to comply with the HIPAA regulations for texting have witnessed significant benefits. Doctor/Nurse communications have been enhanced by secure text messaging and, as doctors can now receive PHI on the go with secure text messaging, efficiency rates at a number of medical facilities have soared.

Included among the case studies that can be found on our website, the El Rio Community Health Center in Arizona experienced a 22% increase in staff efficiency when a TigerText secure text messaging system was introduced as a solution to the communication issues it was experiencing; and the Houston Fertility Institute noted an 80% decrease in phone tag when a TigerText secure text messaging system with multi-platform functionality was implemented.

Furthermore, research conducted by the Ponemon Institute into patient discharges from medical facilities found that waiting times could be reduced by half using secure text messaging, with the average saving on staff costs equivalent to $557,253 each year for each medical facility.