Secure Texting and HIPAA Compliance
The texting of protected health information (PHI) has recently been in the spotlight due to changes enacted in the Health Insurance Portability and Accountability Act (HIPAA) regarding secure messaging. These changes affected many medical professionals working in the healthcare industry – due to the convenience of accessing and communicating PHI by text – and the organizations that employ them.
Due to the risk of PHI being compromised – and the fines that accompany a breach of PHI – many organizations have been reviewing their secure texting and HIPAA compliance policies, and this article aims to assist with the development and implementation of policies which complement existing guidelines to ensure compliance with HIPAA secure messaging regulations.
Who do the Rules about Communicating PHI by Text Apply To?
According to the HIPAA Privacy and Security Regulations, the rules about communicating PHI by text apply to medical professionals, health insurance providers, employers providing a HIPAA-covered health scheme and anybody who has access to PHI in a healthcare organization or health insurance clearing house.
Short-term associates, subcontractors and third-party service providers who require access to PHI in the course of their duties can become temporary “authorized users” if they sign a contract in which:
- They agree what PHI they can have access to and for how long
- They agree not to disclose PHI other than as permitted by the contract
- They agree to provide their own safeguards to prevent unauthorized access to PHI
- They agree to report any breaches of PHI or suspected breaches of PHI without delay
- They agree to return or destroy all PHI on termination of the agreement
What are the Criteria for Secure Texting and HIPAA Compliance?
In order to comply with the HIPAA secure messaging regulations, all PHI must be encrypted to NIST standards, reside in a secure network and only accessible by authorized personnel with designated and unique user IDs.
Any communicating of PHI by text can only be done between authorized users, and the secure text messaging solution must have the facility to retract and delete text messages in the event that a text is sent to the wrong recipient or a personal mobile device used to access PHI is lost or stolen.
The secure text messaging system must be able to record the activity of authorized users and produce access reports and audit logs in order to comply with the HIPAA “Audit Protocol” and system administrators must develop privacy and security “best practice” policies that instruct authorized users on secure texting and HIPAA compliance.
The TigerText HIPAA Secure Messaging Solution
TigerText´s secure text messaging application seamlessly integrates into healthcare organizations, replacing outdated or inefficient communication methods. Operating in a similar fashion to SMS messaging, the application allows authorized users access to PHI via an “on demand” virtual private network. The secure text messaging application surpasses all the criteria for secure texting and HIPAA compliance and automatically generates read receipts to confirm a message has been read and eliminate the need for follow-up calls and phone tag. The application also produces access reports and audit logs in order that administrators can monitor use in compliance with the HIPAA secure messaging regulations.
The TigerText secure text messaging application has been deliberately designed to be easy to install and simple to use; however, it is still necessary for organizations to develop “best practice” policies to ensure communication PHI by text remains HIPAA compliant.
Speak with TigerText about HIPAA and Secure Messaging
TigerText is the market leader in providing secure text messaging solutions for healthcare organizations, and more than 5,000 medical facilities now use the TigerText application to ensure secure texting and HIPAA compliance.
Case studies have shown that HIPAA secure messaging can result in significant benefits for healthcare organizations – not only in terms of reduced costs and increased efficiency, but also in terms of the standard of care received by patients.
We have a dedicated team of advisors who can provide assistance with any question you might have in regard to HIPAA secure messaging; so why not contact us today for an informal discussion about your secure text messaging requirements, and find out how your organization can achieve secure texting and HIPAA compliance.