HIPAA and Secure Texting

HIPAA and Secure Texting

The Relationship between HIPAA and Secure Texting

The relationship between HIPAA and secure texting dates back to 2005, when the first HIPAA Security Rule came into force. That rule governed how Protected Health Information (PHI) should be safeguarded at rest and in transit to prevent inappropriate use and unauthorized access.

The Health Information Technology for Economic and Clinical Health Act (HITECH) strengthened the relationship between HIPAA and secure texting further in 2009; and, four years later, the Final Omnibus Rule enacted changes to the Security Rule to reflect changing work practices and developing technology.

The reason that the relationship between HIPAA and secure texting is now stronger than ever is that secure texting is regarded as one of the most cost-effective means of complying with the HIPAA Security Rule. It has been seen to accelerate the communications cycle, streamline workflows and enhance productivity, resulting in a higher standard of healthcare being delivered to patients.

How Secure Texting Achieves HIPAA Compliance

The secure texting element of the relationship relates to PHI in transit. While at rest, PHI is – or should be – encrypted. Secure texting provides a means to communicate encrypted PHI to medical professionals using different operating systems and devices, and a means for them to communicate PHI to each other to collaborate on patient healthcare, facilitate hospital admissions and accelerate patient discharges.

Secure texting achieves HIPAA compliance via the use of secure texting apps. Medical professionals and other authorized personnel can download the apps onto their desktop computers or mobile devices, and then use them – after authenticating their identity – to connect with a healthcare organization´s protected communications network.

The apps have safeguards in place to prevent PHI being sent outside of the healthcare organization´s network, copied and pasted, or saved to an external hard drive. Automatic logoffs prevent unauthorized access to PHI when a desktop computer or mobile device is unattended, and security measures enable the remote deletion of content sent or received by an authorized user if their personal mobile device is lost or stolen.

All activity on the network is monitored to ensure compliance with HIPAA and secure texting policies implemented by the healthcare organization, while access reports and security audits assist administrators with the ongoing task of conducting risk assessments to identify any vulnerabilities that may exist in the secure texting solution.

HIPAA, Secure Texting and the Communications Cycle

It was mentioned above that the relationship between HIPAA and secure texting accelerates the communications cycle. This is due to the security mechanisms put in place to ensure 100% message accountability, and features such as read receipts and delivery notifications. These mechanisms and features substantially reduce phone tag – leaving medical professionals with more time to attend to their patients.

The streamlining of workflows is more evident when secure texting solutions are integrated with EMRs. Not only can the task of updating patients´ notes be shared between any authorized members of the workforce with a Smartphone, but physicians can prioritize EMR alerts and better organize their workloads. The integration of secure texting solutions with EMRs can also be of benefit to healthcare organizations pursuing Stage 2 Meaningful Use.

Patients also benefit from “advanced EMRs” according to a study conducted by the Tepper School of Business at the Carnegie Mellon University. Researchers found that after secure texting solutions were integrated with EMRs in more than two hundred hospitals in Pennsylvania, patient safety issues decreased by 27 percent and there was a 30 percent reduction in medication errors.