New HIPAA messaging guidelines were introduced in the “Final Omnibus Rule” of March 2013 which have implications for healthcare professions, health insurance companies, and employers who provide HIPAA-covered health insurance to their employees.
For the first time ever, the HIPAA SMS guidelines also apply to “business associates” (vendors such as fund administrators, brokers, and managers) who must now sign a Business Associate Agreement to access the patient health information they need to run their businesses efficiently.
The new HIPAA guidelines for texting became effective in September 2013 to allow sufficient time for organizations and individuals to revise their existing Business Associate Agreements and for policies and procedures to be revised
New HIPAA SMS guidelines were needed to eliminate the risk of patient health information being breached during the transmission or receipt of sensitive data, or while such data was maintained on a mobile device (cell phone, tablet, smartphone etc.).
Research had shown that more than 80 percent of physicians use mobile devices to communicate with their patients or access patient health information, while a further study revealed that 66 percent of patient health information breaches were attributable to mobile devices being lost or stolen.
The potential for breaches of patient health information has increased significantly since the original Health Insurance Portability and Accountability Act was enacted in 1996, when issues such as the following may not have
Consequently, the new guidelines for texting have brought the existing Health Insurance Portability and Accountability Act 1996 (HIPAA) up to date and revised the Health Information Technology for Economic and Clinical Health Act 2009 (HITECH) to account for advances in technology and changes in clinical work practices.
It is important to note that the HIPAA messaging guidelines “require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic patient health information” and that the failure to comply with the HIPAA guidelines for texting can result in criminal and/or civil legal action.
Breaches of patient health information are of the biggest concern to the Office of Civil Rights (a branch of the US Department for Health and Human Services) who, since the Breach Notification Rule was introduced in 2009, has recorded breaches of patient health information affecting more than 22.8 million patients.
The major issue which is hoped to be solved by the introduction of new HIPAA SMS guidelines is to control who has access to patient health information and what they do with it – hence the new HIPAA guidelines for texting now also applying to business associates.
The focus of the HIPAA SMS guidelines is to protect patient privacy, but there are some other points within the Final Omnibus Rule that all organizations and persons who have access to patient health information should be aware of:
The simplest way of complying with the new HIPAA text messaging regulations is to take advantage of the secure messaging platform from TigerConnect. TigerConnect enables organizations and individuals to communicate via a secure virtual private network which fully complies with the new HIPAA messaging guidelines and ensures the integrity of patient health information.
TigerConnect’s secure messaging platform is a cloud-based software application which requires no hardware or training before users can start communicating via the program, and it also provides users with instant notification once messages have been received and read to save time on follow-up calls/SMSs to ensure that communications have been understood.
If you would like to know more about TigerConnect’s secure messaging platform – and how it complies with the HIPAA guidelines for texting – you are invited to download our white paper Top 7 HIPAA Omnibus Preparations Brief which will provide more information about both the Final Omnibus Rule of March 2013 and how you can avoid any unintended breach of patient health information.
It is important to note that the HIPAA text messaging regulations contained within the Security Rule section of the Act “requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically transmitted protected health information.”
TigerConnect is the market leader in secure messaging solutions, and over 4,000 medical facilities currently use TigerConnect to communicate protected health information securely. TigerConnect’s secure messaging solution is inexpensive to implement and operate, and conforms to all the technical, administrative, and physical safeguards required by the HIPAA Security Rule.
You can find out more about how TigerConnect’s secure messaging solution complies with the HIPAA technical, administrative and physical safeguards in our “HIPAA Compliance Statement” which you are invited to download and read. Alternatively you are welcome to contact us and arrange a free demo of TigerConnect’s secure messaging solution in action
TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.