Secure Text Messaging for Healthcare

Changes to HIPAA Outlaw SMS and Email

If your organization is in – or associated with – the medical industry, now would be a good time to consider secure text messaging for healthcare. Recent changes to the Health Insurance Portability and Accountability Act (HIPAA) have introduced new rules relating to how Protected Health Information (PHI) should be communicated, and many healthcare organizations and other covered entities are now at risk of financial sanctions and legal action should an avoidable breach of PHI occur.

The changes are unfortunate for some, as undoubtedly the use of personal mobile devices has revolutionized communications in the healthcare industry. The speed and convenience of modern technology are often favored over antiquated channels of communication such as pagers, and healthcare organizations benefit from the cost-savings of BYOD policies. However, the changes to the HIPAA regulations effectively outlaw unsecure channels of communication such as SMS and email.

Why the Changes were Necessary

The primary reason why SMS and email are no longer considered suitable channels through which to communicate PHI is that they allow unauthorized access to PHI. Unencrypted SMS messages can be intercepted over unsecure Wi-Fi networks, copies of emails remain indefinitely on ISPs' servers, and both SMS messages and emails can be freely accessed on a lost, stolen or unattended mobile device. A significant number of data breaches reported to OCR each year arise from lost or stolen mobile devices.

Consequently, the rules for communicating PHI over electronic devices were amended to introduce access controls, audit controls, integrity controls, ID authentication, and transmission security. Most mobile devices lack the necessary mechanisms to facilitate compliance with the revised HIPAA legislation; and, even if they did, it would be a logistical nightmare to enforce HIPAA compliant messaging policies.

Comply with HIPAA with Secure Text Messaging for Healthcare

Secure text messaging for healthcare overcomes the issues created by the changes to HIPAA legislation. Using secure text messaging apps, medical professionals can communicate encrypted PHI from a desktop computer or mobile device within a private communications network. The secure text messaging apps have all the functionality of commercially available apps and a familiar text-like interface, so none of the speed and convenience of modern technology is lost.

Secure text messaging for healthcare complies with HIPAA through the use of mechanisms that prevent PHI from being sent beyond a healthcare organization's network. The secure text messaging solution also allows PHI to be remotely deleted from a user's mobile device if it is lost or stolen, assigns message lifespans so that messages are removed from a user's device once they have been read, and forces automatic logoffs following a period of inactivity to further prevent unauthorized access to PHI.

Further Information about HIPAA Compliance

Secure text messaging for healthcare is just one of the measures that a HIPAA covered entity should implement to be HIPAA compliant. There are further regulations relating to how risk assessments should be conducted, how the integrity of PHI should be protected when it is not being communicated, and physical access to facilities in which PHI is stored that also need to be considered.

Further information about these regulations, as well as a section dedicated to the benefits of secure text messaging for healthcare, can be found in our “HIPAA Compliance Guide” – a free white paper that you are invited to download and read. Not every medical facility will require secure text messaging for healthcare but, for those that have implemented BYOD policies, our HIPAA Compliance Guide will enable you to evaluate potential vulnerabilities in your current communications system.