Secure Text Messaging for Healthcare

Secure Text Messaging for Healthcare

Changes to HIPAA Outlaw SMS and Email

If your organization is in – or associated with – the medical industry, now would be a good time to consider secure text messaging for healthcare. Recent changes to the Health Insurance Portability and Accountability Act (HIPAA) have introduced new rules relating to how Protected Health Information (PHI) should be communicated and many healthcare organizations and other covered entities are at now risk of financial sanctions and legal action should an avoidable breach of PHI occur.

The changes are unfortunate for some, as undoubtedly the use of personal mobile devices has revolutionized communications in the healthcare industry. The speed and convenience of modern technology is often favored to antiquated channels of communication such as pagers, and healthcare organizations benefit from the cost-savings of BYOD policies. However, the changes to the HIPAA regulations effectively outlaw unsecure channels of communication such as SMS and email.

Why the Changes were Necessary

The primary reason why SMS and email are no longer considered suitable channels through which to communicate PHI is because they allow unauthorized access to PHI. Unencrypted SMS messages can be intercepted over unsecure Wi-Fi networks, copies of emails remain indefinitely on ISPs´ servers and both SMS messages and emails can be freely accessed on a lost, stolen or unattended mobile device. A significant number of data breaches reported to OCR each year arise from lost or stolen mobile devices.

Consequently, the rules for communicating PHI over electronic devices were amended to introduce access controls, audit controls, integrity controls, ID authentication, and transmission security. Most mobile devices lack the necessary mechanisms to facilitate compliance with the revised HIPAA legislation; and, even if they did, it would be a logistical nightmare to enforce HIPAA compliant messaging policies.

Comply with HIPAA with Secure Text Messaging for Healthcare

Secure text messaging for healthcare overcomes the issues created by the changes to HIPAA legislation. Using secure text messaging apps, medical professionals can communicate encrypted PHI from a desktop computer or mobile device within a private communications network. The secure text messaging apps have all the functionality of commercially available apps and a familiar text-like interface, so none of the speed and convenience of modern technology is lost.

How secure text messaging for healthcare complies with HIPAA is through the use of mechanisms to prevent PHI being sent beyond a healthcare organization´s network. The secure text messaging solution also allows PHI to be remotely deleted from a user´s mobile device if it is lost or stolen, assigns message lifespans so that messages are removed from a user´s device once they have been read, and forces automatic logoffs following a period of inactivity to further prevent unauthorized access to PHI.