Text Message Security

Text Message Security

Text message security is increasingly becoming an issue for those responsible for protecting private health information (PHI). Healthcare professionals, health insurance companies, employers who operate a health program covered by the Health Insurance Portability and Accountability Act (HIPAA) – and any other third party service providers who have access to sensitive patient data – each have a duty to protect the integrity of PHI.

However, due to technological advances and changing work practices, more than 80 percent of healthcare workers now access PHI or communicate patient data via their mobile devices (according to a study by the Health Research Institute), and 66 percent of reported PHI breaches are due to mobile devices being lost or stolen and the data on the devices being accessed by unauthorized individuals (according to the Center for Democracy and Technology).

With further breaches of PHI being attributable to individuals using their mobile device in public Wi-Fi areas or on open cell phone networks, the questions “when is text messaging secure” and “how should we best be securing text messages” are being asked by those responsible for protecting PHI – especially now that the Office of Civil Rights has the power to impose substantial financial penalties when a breach occurs.

When is Text Messaging Secure

Revisions to the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) were introduced in the Final Omnibus Rule of March 2013 and provided new guidelines for when is text messaging secure.

The following criteria should consequently be implemented by organizations and individuals with access to PHI, and applied to any sub-contractor to whom PHI is sent:

    • Organizations must develop a system for securing text messages which is centrally controlled and which limits who has access to PHI.
    • Risk assessments should be carried out periodically in order to identify any threat to the integrity of PHI or potential breaches of text message security.
    • All patient information within the protected system should be encrypted in order to render any PHI hacked or copied from the system “unusable, unreadable or indecipherable”.
    • The system should also prevent employees and sub-contractors from being able to store PHI locally on their personal mobile devices.
    • Procedures should be in place so that employees and sub-contractors can report the theft, loss or disposal of their devices immediately, and the user removed from the system.

It was mentioned above that the Office of Civil Rights has the power to impose substantial financial penalties when a breach of PHI occurs. Organizations should also be aware that patients, whose private health data has been compromised, also have the right to bring civil legal action against the liable party.

How Organizations Should Be Securing Text Messages

In order to comply with the revised HIPAA and HITECH regulations, organizations should be securing text messages by using an encrypted messaging platform. Encrypted messaging platforms transmit healthcare communications while taking other precautions to ensure the data is secure on both the senders and recipient’s devices.

With the encrypted platform on a mobile device, the owner still retains all the functionality of their cell phone, Smart phone or tablet to communicate with family, friends and associates, but using the encrypted and secure text messaging application ensures PHI security.

Securing text messages with an encrypted messaging platform is much more secure than communicating by any other channel – including emails which, whether encrypted or not, are copied on numerous routing servers before they are delivered and which can never be permanently deleted. In the event that the owner disposes of their mobile device – or it is lost or stolen – the administrator of the encrypted messaging platform removes the user from the network and the integrity of the text message security is preserved.

Assure Text Message Security with TigerText

The best way to deal with the questions “when is text messaging secure” and “how should we best be securing text messages” is to implement the encrypted messaging platform available from TigerText. TigerText offers a simple-to-use encrypted messaging platform which operates from a secure cloud-based virtual private network to safeguard the integrity of PHI.

Organizations and individuals will have no difficulty in using the TigerText application – which requires no download and little explanation – and network administrators will receive reports to help them maintain control over the transmission of PHI and to ensure that employees and sub-contractors comply with the regulations concerning text message security.

The TigerText encrypted messaging platform not only meets the criteria required for securing text messages but also offers many additional cost and time-saving benefits to organizations; including those listed below:

    • Team members can collaborate in real time when using the TigerText encrypted messaging platform without risking the integrity of PHI.
    • The TigerText platform eliminates the need for follow-up calls by sending read receipts when messages have been received and read.
    • When used on personal mobile devices, TigerText reduces the waiting times between a question being asked and an answer being received.
    • The TigerText encrypted message platform enables fast decision making when necessary to provide patients with the highest standards of care.

For further information about TigerText´s encrypted messaging platform and how text message security is assured, you are invited to download our free “RFP Template for Secure Messaging” tempalte or contact us with any questions you may have relating to text message security and compliance.