How to Make Smartphones HIPAA Compliant

Before reading how to make smartphones HIPAA compliant, it is important to first understand the risks that are associated with using smartphones to access and transmit electronic protected health information (ePHI) when the phone user is not complying with the HIPAA regulations.

Surveys have shown that more than 80 percent of medical professionals use a personal mobile device (smartphone, tablet, etc.) to access patient data or to send and receive messages containing ePHI. Security risks exist when communicating ePHI by smartphone if:

  • A message is sent to the wrong person.
  • A message is intercepted on an open cell phone network or Wi-Fi hotspot.
  • A personal mobile device containing ePHI is lost, stolen or otherwise disposed of.

Furthermore, even though ePHI now has to be encrypted, copies of messages sent by “regular” SMS or email remain on routing servers while they are in transit, and they cannot be recalled or deleted with any certainty to prevent a potential breach of ePHI.

With this in mind, the following information will be of value to healthcare organizations that wish to remain HIPAA compliant and avoid being responsible for ePHI being compromised – with the substantial financial penalties and civil legal action that would result.

Compliance Starts with Organizations

In order to make smartphones HIPAA compliant, the organization for which the smartphone user is an employee, associate or third-party service provider must implement a secure messaging solution which protects the integrity of ePHI when it is at rest and in transit.

The secure messaging solution must conform to all the technical, physical and administrative safeguards contained within the HIPAA regulations, and each smartphone user must be authorized to access/transmit ePHI by being assigned a unique username and password.

Thereafter, the organization must develop a policy to guide the authorized user on when and how their smartphone can be used to access or transmit ePHI, and the authorized user’s activity (when using the secure messaging solution) must be monitored to ensure that the policy is being adhered to.

Communicating ePHI by Smartphone with TigerText

TigerText’s secure messaging solutions make smartphones HIPAA compliant by maintaining all encrypted ePHI on a secure server, and enabling user access to patient data through a Software-as-a-Service “On Demand” application.

The app has a text-like interface which operates across all operating systems and which smartphone users will find easy to use. The app is configured so that messages can only be transmitted within a defined network containing other authorized users (so that ePHI will not be breached if a message is sent to the wrong person), and administrative controls exist to prevent other potential breaches:

  • A message recall function enables messages to be recalled even once they have been read, and message “lifespans” can be set so that messages delete automatically.
  • A remote wipe feature permanently deletes all messages containing ePHI and removes the user from the system if their smartphone is mislaid or stolen.
  • Automatically produced audit logs and access reports allow system administrators to monitor activity on the secure servers containing ePHI.

In addition to making smartphones HIPAA compliant, features on TigerText’s secure messaging solution include delivery notifications and read receipts – which reduce the amount of time wasted on follow-up calls to see if a message has been received – and a “Do Not Disturb” autoreply, which healthcare professionals can use like an “Out of Office” email responder to leave bespoke responses about who to contact while they are unavailable.

TigerText’s Secure Messaging Solution in Action

There are significant advantages to using TigerText’s secure messaging solution for communicating ePHI by smartphone, and case studies have shown that organizations that make smartphones HIPAA compliant benefit from increased efficiency, enhanced patient care and reduced costs:

  • The El Rio Community Health Center in Arizona achieved a 22 percent increase in staff efficiency when the TigerText solution was put in place to resolve issues concerning messaging accountability, communication metrics and HIPAA compliance.
  • Phone tag was eliminated at the Wellcon Healthcare Facility in Salt Lake County when TigerText was introduced as a secure text messaging solution – saving nursing staff 8-12 hours per day and enabling them to attend to up to fifteen more patients per shift.
  • When TigerText’s solution was implemented at the Mt. Hood Hospice in Oregon, nursing staff were able to raise patient concerns and send images securely by smartphone, and receive instructions on what patient care should be provided.

TigerText’s secure messaging solution has been implemented in more than 4,000 medical facilities and over 150 million secure messages are sent by professionals communicating ePHI by smartphone.

Policies for Communicating ePHI by Smartphone

The final element of how to make smartphones HIPAA compliant is the development of a policy to guide authorized users on how they should be communicating ePHI by smartphone to remain in compliance with the HIPAA regulations.

Policy development and implementation is such an important element of complying with HIPAA that we have compiled a white paper – “The Top 8 Secure Messaging Policy Best Practices” – which you are invited to download in order to read information about the best practices to include in a policy for securely communicating ePHI by smartphone.

The white paper also provides advice about the integration of HIPAA compliant policies with existing company policies, and reminds readers that policies to make smartphones HIPAA compliant should be reviewed regularly – and amended as necessary – to account for changes in work practices, new legislation and technological advances.

Speak with TigerText about How to Make Smartphones HIPAA Compliant

If you have any questions about how to make smartphones HIPAA compliant, or the policies that should be adopted to enable communicating ePHI by smartphone, you are welcome to contact us and arrange a free demo to see how TigerText’s secure messaging solution can be of benefit in a healthcare environment in which many of your employees, business or associates use mobile devices to communicate sensitive patient data.