Recent changes to the Health Insurance Portability and Accountability Act 1996 have raised the question is texting HIPAA compliant. The simple answer is that text messaging is HIPAA compliant under certain circumstances and provided that “administrative, physical and technical safeguards [exist] to ensure the confidentiality, integrity, and security of electronically stored or transmitted private health information.”
This article provides an overview of the safeguards required to ensure that any text messages sent, received or stored on a mobile device comply with the new HIPAA regulations. Know the answers to the question “is text messaging HIPAA compliant?”
The new HIPAA regulations apply to healthcare professionals, insurance companies who provide health insurance, employers who operate an HIPAA-covered healthcare scheme and any third party service providers who have access to private health information.
All organizations have a duty to ensure that employees, brokers, administrators, and sub-contractors conform to the new HIPAA regulations, to train all relevant members of staff on the procedures that should be used when communicating sensitive patients´ data, and to educate on the consequences of data breaches and HIPAA violations.
The failure to establish whether text messaging is HIPAA compliant in your particular environment, and comply with the new rules regarding HIPAA and data security, could result in criminal charges being brought by the Office of Civil Rights – or civil legal action being initiated by a patient – if sensitive private health information is compromised.
The revisions to the Health Insurance Portability and Accountability Act 1996 acknowledged that changes in workplace practices and technological advances meant that private health information is more commonly being communicated and accessed using mobile devices such as smartphones, cell phones, and tablets.
The potential for data being compromised in the workplace or in places of public access is vast due to individuals using public Wi-Fi or open cell phone networks. There is also the risk that private health information could be compromised when a mobile device is stolen, lost or sold, and consequently, text messaging is only HIPAA compliant when the following conditions are met:
(¹) When private health information has been breached, but the encrypted data can be deleted remotely, it will not be necessary to notify the patient or Office of Civil Rights provided that the data is removed in a timely manner.
Keeping text messaging HIPAA compliant is done by “secure texting” – a process in which encrypted messages are transmitted from a secure server which stores all sensitive data locally, and which prevents the cell phone network that carries the message from keeping a copy. Secure messages can be accessed at any time in any location where there is an Internet connection, unless they have been programmed to expire automatically or recalled to protect the integrity of private health information. The owner of the mobile device can still use their Smartphone, cell phone or tablet to access personal SMSs, emails and social media communications but, to keep text messaging HIPAA compliant, sensitive information will be sent and received using the secure virtual private network. Compliance with HIPAA is assured, as a secure texting administrator has the option to remove a user from the network, and delete any sensitive data they may have had access to, if a risk to the security of private health information is identified.
TigerConnect’s secure messaging platform keeps text messaging HIPAA compliant by using a secure, cloud-based application, which does not require the download of any software to operate and is simple to use. Most employees or sub-contractors will be able to text and stay HIPAA compliant without any training on how to use the application – although it is still vital that they are educated about the consequences of failing to protect the integrity of private health information.
The TigerConnect secure messaging system meets all the criteria required to use text messaging and be HIPAA compliant at the same time, and offers additional benefits which can increase the efficiency of the professionals in your work environment:
TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.