The HIPAA email encryption rules do not exclusively apply to emails, but to all communications which contain protected health information that was in electronic form before it was communicated – therefore attachments to emails, SMS and IMs are governed by the HIPAA rules for email encryption, but not faxes or voice-mail messages (unless they are saved in electronic form after they have been received, in which case the Security Rule provision for protected health information at rest applies).
What HIPAA actually says about email encryption is that covered entities must “implement a mechanism to encrypt and decrypt electronic protected health information”, and most communication experts agree that healthcare organizations who want to facilitate the communication of protected health information by email should double their encryption protection, so that encrypted communications are sent over an encrypted connection “just to be on the safe side”.
The experts´ wariness about the HIPAA email encryption rules is based on several possible scenarios in which a breach of protected health information could occur when it is communicated by email. For example:
The TigerConnect alternative to encrypted emails is a secure messaging platform, which works by allowing access to protected health information through a software-as-a-service “On Demand” app. The app can conveniently be used from any desktop computer or mobile device, while administrative controls safeguard the integrity of protected health information.
Access to protected health information is only available to authorized users who are assigned a unique username and PIN, and whose activity on the secure messaging platform is monitored by access reports and audit logs.
As all activity is contained within a private network, should a breach of protected health information be identified, administrators can remotely delete a message – unlike when the communication of protected health information is done by email – or remotely wipe the user from the system if their personal mobile device is lost or stolen.
The secure messaging apps have been purposefully designed with the end-user in mind; and medical professionals, business associates and third party service providers will find the text-like interface easy to become familiar with – making it less likely that they would revert to unsecure alternative channels to communicate protected health information.
Research conducted on mobile device users has found that messaging is by far the most popular form of mobile communication, with 92% of mobile users preferring it over email because of the speed of delivery. A further fact revealed in a 2012 survey was that respondents considered text communications to be more urgent than emails – and requiring an immediate response, rather than delaying an answer until it was more convenient.
In a healthcare environment, the speed of response and the implementation of action can have substantial benefits to patients; and there are additional benefits for medical professionals and healthcare organizations when secure messaging is used to accelerate patient concerns, confirm diagnoses, deliver lab results, and administer treatment.
Each of these features helps to streamline workflows, increase productivity and improve the standard of patient healthcare in a cost-effective manner, while maintaining the integrity of protected health information.
TigerConnect is the market leader in secure messaging solutions, and over 4,000 medical facilities currently use TigerConnect to communicate protected health information securely. TigerConnect’s secure messaging solution is inexpensive to implement and operate, and conforms to all the technical, administrative, and physical safeguards required by the HIPAA Security Rule.
You can find out more about how TigerConnect’s secure messaging solution complies with the HIPAA technical, administrative and physical safeguards in our “HIPAA Compliance Statement” which you are invited to download and read. Alternatively you are welcome to contact us and arrange a free demo of TigerConnect’s secure messaging solution in action
TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.