HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Secure Text Messaging for Healthcare

Secure Text Messaging for Healthcare

Changes to HIPAA Outlaw SMS and Email

If your organization is in – or associated with – the medical industry, now would be a good time to consider secure text messaging for healthcare. Recent changes to the Health Insurance Portability and Accountability Act (HIPAA) have introduced new rules relating to how Protected Health Information (PHI) should be communicated and many healthcare organizations and other covered entities are at now risk of financial sanctions and legal action should an avoidable breach of PHI occur.

The changes are unfortunate for some, as undoubtedly the use of personal mobile devices has revolutionized communications in the healthcare industry. The speed and convenience of modern technology is often favored to antiquated channels of communication such as pagers, and healthcare organizations benefit from the cost-savings of BYOD policies. However, the changes to the HIPAA regulations effectively outlaw unsecure channels of communication such as SMS and email.

Why the Changes were Necessary

The primary reason why SMS and email are no longer considered suitable channels through which to communicate PHI is because they allow unauthorized access to PHI. Unencrypted SMS messages can be intercepted over unsecure Wi-Fi networks, copies of emails remain indefinitely on ISPs´ servers and both SMS messages and emails can be freely accessed on a lost, stolen or unattended mobile device. A significant number of data breaches reported to OCR each year arise from lost or stolen mobile devices.

Consequently, the rules for communicating PHI using electronic devices were amended to introduce access controls, audit controls, integrity controls, ID authentication, and transmission security. Most mobile devices lack the necessary mechanisms to facilitate compliance with the revised HIPAA legislation; and, even if they did, it would be a logistical nightmare to enforce HIPAA compliant messaging policies.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Comply with HIPAA with Secure Text Messaging for Healthcare

Secure text messaging for healthcare overcomes the issues created by the changes to HIPAA legislation. Using secure text messaging apps, medical professionals can communicate encrypted PHI from a desktop computer or mobile device within a private communications network. The secure text messaging apps have all the functionality of commercially available apps and a familiar text-like interface, so none of the speed and convenience of consumer-grade texting platforms is lost.

How secure text messaging for healthcare complies with HIPAA is through the use of mechanisms to prevent PHI being sent beyond a healthcare organization’s network. The secure text messaging solution also allows PHI to be remotely deleted from a user´s mobile device if it is lost or stolen, assigns message lifespans so that messages are removed from a user´s device once they have been read, and forces automatic logoffs following a period of inactivity to further prevent unauthorized access to PHI.

Platforms Providing Secure Messaging in Healthcare

While text messaging is often the most convenient way to communicate, HIPAA-compliant text messaging apps also support voice and video calls. Conversations can switch from text to voice to video for more in-depth communications through the same app. The apps also support telehealth services, allowing virtual care to be provided to patients in their own homes, with 1-on-1 communications and group chats and video calls also supported. The platforms also support the exchange of images to assist with diagnosis.

One of the key areas where secure messaging in healthcare offers significant advantages over other forms of communication is the role-based messaging feature and integration with scheduling. When an on-call cardiologist needs to be contacted for example, a message can be sent by role. The message will be routed to the on-call cardiologist instantly, without having to look up who is on duty. Apps providing secure messaging in healthcare also integrate with EHRs. The second test results are added to a patient’s record, an alert will be generated and sent to the care team, eliminating the need to keep checking the EHR.

Secure messaging in healthcare accelerates clinical workflows and has been shown to help accelerate patient throughput, reduce the potential for medical errors, increase patient satisfaction, improve clinical outcomes, and significantly reduce costs while ensuring compliance with HIPAA.