The texting of protected health information (PHI) has recently been in the spotlight due to changes enacted in the Health Insurance Portability and Accountability Act (HIPAA) regarding secure messaging. These changes affected many medical professionals working in the healthcare industry – due to the convenience of accessing and communicating PHI by text – and the organizations that employ them.
Due to the risk of PHI being compromised – and the fines that accompany a breach of PHI – many organizations have been reviewing their secure texting and HIPAA compliance policies, and this article aims to assist with the development and implementation of policies which complement existing guidelines to ensure compliance with HIPAA secure messaging regulations.
According to the HIPAA Privacy and Security Regulations, the rules about communicating PHI by text apply to medical professionals, health insurance providers, employers providing a HIPAA-covered health scheme and anybody who has access to PHI in a healthcare organization or health insurance clearing house.
Short-term associates, subcontractors and third-party service providers who require access to PHI in the course of their duties can become temporary “authorized users” if they sign a contract in which:
In order to comply with the HIPAA secure messaging regulations, all PHI must be encrypted to NIST standards, reside in a secure network and only accessible by authorized personnel with designated and unique user IDs.
Any communicating of PHI by text can only be done between authorized users, and the secure text messaging solution must have the facility to retract and delete text messages in the event that a text is sent to the wrong recipient or a personal mobile device used to access PHI is lost or stolen.
The secure text messaging system must be able to record the activity of authorized users and produce access reports and audit logs in order to comply with the HIPAA “Audit Protocol” and system administrators must develop privacy and security “best practice” policies that instruct authorized users on secure texting and HIPAA compliance.
TigerText’s secure text messaging application seamlessly integrates into healthcare organizations, replacing outdated or inefficient communication methods. Operating in a similar fashion to SMS messaging, the application allows authorized users access to PHI via an “on demand” virtual private network. The secure text messaging application surpasses all the criteria for secure texting and HIPAA compliance and automatically generates read receipts to confirm a message has been read and eliminate the need for follow-up calls and phone tag. The application also produces access reports and audit logs in order that administrators can monitor use in compliance with the HIPAA secure messaging regulations.
The TigerText secure text messaging application has been deliberately designed to be easy to install and simple to use; however, it is still necessary for organizations to develop “best practice” policies to ensure communication PHI by text remains HIPAA compliant.
TigerConnect is the market leader in providing secure text messaging solutions for healthcare organizations, and more than 5,000 medical facilities now use the TigerText application to ensure secure texting and HIPAA compliance.
Case studies have shown that HIPAA secure messaging can result in significant benefits for healthcare organizations – not only in terms of reduced costs and increased efficiency, but also in terms of the standard of care received by patients.
We have a dedicated team of advisors who can provide assistance with any question you might have in regard to HIPAA secure messaging; so why not contact us today for an informal discussion about your secure text messaging requirements, and find out how your organization can achieve secure texting and HIPAA compliance.
TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.