Hospital Texting and HIPAA Compliance
The Final Omnibus Rule of March 2013 updated both the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) and raised the question, “Is texting in hospitals HIPAA compliant?”
What is New about HIPAA Compliant Hospital Texting?
The revised guidelines for “when is texting in hospitals HIPAA compliant” broadened the scope of the Act to include everybody who may have access to protected health information (PHI). Whereas the individuals most likely to be concerned about hospital texting HIPAA compliance would previously have been healthcare organizations, healthcare professionals, providers of health insurance and employers who offered a healthcare program, the regulations regarding HIPAA compliant hospital texting now also apply to third-party service providers such as administrators, fund managers and insurance brokers.
These third parties – and any sub-contractors employed by them – must comply with the revised HIPAA regulations or risk being fined by the Office of Civil Rights should a breach of PHI occur. Patients or employees whose PHI is compromised can also make a civil claim for compensation against the organization or individual responsible for allowing unauthorized access to their private health and financial details.
When is Texting in Hospitals HIPAA Compliant?
- Healthcare organizations must introduce a HIPAA compliant hospital texting system which is administered from a central point and which restricts access to PHI.
- All PHI stored within the system for hospital texting and HIPAA compliance should be encrypted in order to make it “indecipherable, unreadable or unusable”.
- Risk assessments should be regularly conducted to identify any threats to the integrity of PHI and to ensure that texting in the hospital is HIPAA compliant.
- The HIPAA compliant hospital texting system should not allow healthcare professionals or sub-contractors to store PHI on the memories of their personal mobile devices.
- Healthcare professionals and sub-contractors should be advised of the hospital texting and HIPAA compliance procedures to report the theft or loss of a mobile device, so that the device can be removed from the system and any PHI-related messages deleted remotely.
Why Hospital Texting Regulations Needed Updating
Prior to the introduction of revised guidelines for HIPAA compliant texting in hospitals, the Centre for Democracy and Technology had estimated that 66 percent of all PHI breaches were attributable to the theft or loss of a personal mobile device.
With technological advances and changing work practices, more than 80 percent of healthcare professionals now communicate patient data or access PHI with their mobile devices (according to research conducted by the Health Research Institute) – although not always in compliance with the existing HIPAA regulations.
The use of personal mobile devices in hospitals to transmit PHI was also identified as a risk when sensitive patient data was sent and received on open cell phone networks or accessed in public Wi-Fi areas.
Therefore, the regulations regarding hospital texting and HIPAA compliance were revised to safeguard the privacy of patients in HIPAA-covered health programs, and to protect individuals who were unaware of HIPAA compliant texting guidelines and were exposed to the threat of civil legal action.
How to Ensure Texting in Hospitals is HIPAA Compliant
In order to ensure HIPAA compliant texting in hospitals, healthcare organizations should introduce an encrypted HIPAA compliant hospital texting platform. Encrypted texting platforms protect PHI within a secure closed network which only administrators and authorized healthcare professionals have access to.
The authorized individual's personal mobile device still works as normal if the individual wants to use their cell phone, smartphone or tablet to call or message friends or browse the Web; however, emails should only be used for personal reasons and not to transmit PHI, as copies of email messages are made on routing servers while each message is in transit, and these copies cannot be deleted remotely or permanently.
HIPAA Compliant Texting in Hospitals with TigerText
TigerText's encrypted texting platform enables HIPAA compliant texting in hospitals by operating via a “software as a service” cloud-based application. Hospital administrators, healthcare professionals and sub-contractors who communicate PHI via their personal mobile devices will find using TigerText little different from their regular texting practices while staying within hospital texting and HIPAA compliance.
With no software to download or training required before HIPAA compliant texting in hospitals can start, there is no need for IT departments to set up personal mobile devices or activate an application. System administrators will need a brief induction on how to manage TigerText's HIPAA compliant hospital texting system, so that texting in the hospital is HIPAA compliant and so that they get the maximum benefit from usage reports produced by the system.
The TigerText encrypted texting platform also has additional benefits which justify the cost of the system, improve efficiency within a hospital environment, and increase the standard of healthcare provided to patients:
- Authorized healthcare professionals can collaborate as a team when using TigerText's encrypted texting platform, even when they may be in different locations.
- There are no delays waiting for colleagues to access messaging accounts when TigerText is used for HIPAA compliant texting in hospitals on personal mobile devices.
- Automatically generated read receipts provided by TigerText's encrypted texting platform save time and money by eliminating follow-up calls to ensure the receipt of messages.
- Quick and secure text messaging enables fast decision-making when patient data is required to diagnose patient healthcare issues.