HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Messaging Compliance


Why HIPAA Messaging Compliance is Such an Issue

HIPAA messaging compliance is such a big issue because so many medical professionals now use a personal mobile device to support their workloads. According to a 2013 study by Wolters Kluwer, 44% of physicians use a personal mobile device to communicate with colleagues and nurses, 17% access patient data for healthcare reasons from their Smartphone, and 12% access patient data for billing information.

The significant volume of mobile device usage in many cases places the integrity of Protected Health Information (PHI) at risk. Physicians sending texts or emails to colleagues and nurses have no control over the destination of the message once it has left their mobile device. A lost or stolen Smartphone could expose PHI to the risk of unauthorized access, or PHI could be disclosed to a passer-by if a mobile device is left unattended.

According to statistics released by the US Department of Health and Human Services, the failure to safeguard PHI from unauthorized disclosure is the second most common reason for breaches of PHI. With the possibility of civil action and fines of up to $50,000 per day, HIPAA messaging compliance is more than just a compliance issue for healthcare organizations – it can be a financial issue as well.

Some of the Problems Associated with Unsecured Access

One of the factors not disclosed in the Wolters Kluwer study was how many respondents were using secure texting to communicate with colleagues and nurses. We would suggest it was the minority of respondents, considering the research revealed 24% of physicians use commercially available messaging apps to communicate.


Commercially available messaging apps lack the necessary security features to comply with the HIPAA Security Rule. They neither encrypt messages in transit, nor ensure the accountability of messages. Activity on commercial messaging apps is not monitored, copies of messages remain on ISPs' servers indefinitely, and there is no way to remotely remove messages containing PHI from a stolen Smartphone.

Other factors also impact on HIPAA messaging compliance. If physicians are able to access patient data from an unsecured Smartphone, there are no safeguards to prevent a third party with more malicious intentions from inappropriately altering or deleting PHI – or using the information of one patient to obtain medical care for themselves or a member of their family.

Ensure HIPAA Messaging Compliance with Secure Texting

Secure texting is a method of ensuring HIPAA messaging compliance that is simple to implement and cost-effective for healthcare organizations. Authorized personnel access an encapsulated communications network via secure texting apps – similar to those they are already using to communicate with colleagues and nurses.

After authenticating their ID with a unique username and PIN, authorized personnel can send text messages, attach images or engage in group discussion threads with other authorized personnel. All activity on the network is monitored to ensure HIPAA messaging compliance, and security mechanisms exist to prevent PHI being accidentally or maliciously sent beyond the organization's network.

With secure texting, message accountability is ensured, a PIN-lock security feature prevents the disclosure of PHI if a mobile device is lost or stolen, and an automatic logoff feature clicks into place after a period of inactivity. As an extra precaution, administrators can set message lifespans so that texts containing PHI delete after a predetermined length of time.

Find out More about Secure Texting

Secure texting has been shown to accelerate the communications cycle in healthcare organizations, streamline workflows and enhance productivity. If you would like to know more about how you can ensure HIPAA messaging compliance with secure texting, you are invited to download and read our “HIPAA Compliance Guide”.

Our guide elaborates on the conditions that have to be in place to safeguard PHI both at rest and in transit, and contains case studies illustrating the cost-effectiveness of implementing a secure texting solution. Download our HIPAA Compliance Guide today, and take your first step towards HIPAA messaging compliance.