PHI and Text Messaging

Text Messaging PHI in Compliance with HIPAA

In 2013, changes to the Health Insurance Portability and Accountability Act (HIPAA) introduced new conditions for accessing PHI and text messaging sensitive patient data. These new conditions were also extended to “associates”, sub-contractors and third-service providers – who now have to make appropriate arrangements to ensure that, when they are text messaging PHI, they are in compliance with HIPAA.

Who is Affected by the Rules about PHI and Text Messaging?

The Privacy and Security Regulations contained within HIPAA apply to medical professionals, health insurance providers (including employers as well as brokers who work for insurance companies), health insurance clearing houses (including fund administrators and managers), and any subcontractor who has access to protected health information (irrespective of whether it is stored electronically or not).

Protected health information (often abbreviated to PHI or ePHI) is defined as “any information about health status, provision of health care, or payment for health care that can be linked to a specific individual”, and consists of eighteen different “identifiers” which could connect specific details to a patient (such as photographs of the patient, their social security number or their telephone number).

Communicating PHI and Text Messaging

When communicating PHI via text messaging certain safeguards now have to be in place to prevent a potential security breach. The conditions for text messaging PHI in compliance with HIPAA include:

Administrative Requirements

  • Administrators must devise and implement policies so that accessing or text messaging PHI is done in compliance with HIPAA.
  • Authorized users must be advised of these polices and any sanctions that may be applied if they are found not in compliance with HIPAA regulations.
  • Regular risk assessments should be conducted to ensure that authorized users are adhering to the policies implemented for text messaging PHI in compliance with HIPAA.

Physical Requirements

  • Sensitive patient data must be encrypted and accessed via a secure network, with unique identifiers allocated to authorized users.
  • Any threat of unauthorized physical access to the data – including hacking into the encrypted database – should be identified and eliminated.
  • Protocols must be implemented to ensure that electronically-stored protected health information cannot be altered or destroyed

Technical Requirements

  • Systems introduced to ensure that access to PHI and text messaging are HIPAA-compliant must be able to produce audit logs in order that administrators can monitor usage.
  • Security measures must be introduced to prevent unauthorized access to sensitive patient data that is being sent or received in areas of public Wi-Fi or on open cell phone networks.
  • Messaging systems must also have the facility to remotely delete texts should a message be sent to the wrong recipient or a personal mobile device be stolen, lost or otherwise misplaced.

PHI and Text Messaging Solutions

Text messaging PHI in compliance with HIPAA involves implementing a secure texting system which fulfills the requirements of the HIPAA Privacy and Security Rules, but most organizations will already have a communications structure in place which – understandably – they do not want to dispose of and rebuild from scratch.

Fortunately, TigerText´s secure texting system integrates effortlessly with most existing systems, and surpasses the physical and technical requirements needed for compliant PHI text messaging, by allowing authorized users to access and transmit sensitive patient data through an encrypted and secure network.

The TigerText application automatically produces read receipts in order that senders can see messages have been read, and audit logs which enable administrators to easily monitor usage by authorized users and identify any threat to the integrity of PHI. The secure texting system also has the facility to assign a message lifespan to text communications so that they are automatically deleted after a pre-determined period.

TigerText´s system has been specifically designed to operate in a similar way to SMS messages, so that those to whom the rules about PHI and text messaging apply to will have no difficulty in understanding how to use the system and adapt to it immediately.

The Benefits of Compliant Communication of PHI and Text Messaging

Organizations that have taken steps already to accommodate text messaging ePHI in compliance with HIPAA have witnessed significant benefits such as increased efficiency and cost reductions. The following is a selection of examples from our case studies in order to illustrate the benefits of compliant ePHI and text messaging:

  • Collaboration between office-based doctors and off-site nurses was proving to be a problem at Optimal Health Services in California and affecting patient care, until a TigerText secure texting system was introduced which enabled nursing staff to tend to their patients for longer, rather than return to their offices to collect messages and provide feedback to doctors.
  • Efficiency was increased by 22% at the El Rio Community Health Center in Arizona when the center introduced a TigerText messaging system as a solution to the communication challenges it was experiencing, and the Houston Fertility Institute recorded an 80% decrease in phone tag when a TigerText messaging system with multi-platform functionality was implemented.
  • Albany Gastroenterology Consultants solved the issue of having their internal medicine department in the basement of one of their hospitals where there was no cell phone coverage by implementing a TigerText secure texting system when an alternative web-based solution was considered inappropriate because of the risk of patient data being compromised.