Text Messaging and HIPAA Compliance
The latest changes to the Health Insurance Portability and Accountability Act 1996 have raised the issue of texting in HIPAA compliance. The easy answer is that under certain circumstances text messaging is HIPAA compliant, given that “administrative, physical and technical safeguards [exist] to ensure the confidentiality, integrity, and security of electronically stored or transmitted private health information.”
New regulations – who do they apply to?
The latest HIPAA regulations apply to employers who operate a HIPAA-covered healthcare scheme, insurance companies and healthcare professionals who provide health insurance and any third party service providers who have access to private health information (PHI).
Every organization has a responsibility to make sure that sub-contractors, administrators, brokers and employees adhere to the latest HIPAA regulations, to prepare staff on the procedures which must be used while communicating sensitive patient data and to educate on the outcomes of HIPAA violations and data breaches.
The failure to verify whether texting is HIPAA compliant in your specific environment, and in compliance with the latest rules concerning data security; might lead to criminal charges being brought on by the Office of Civil Rights – or civil legal suit being initiated by the patient.
How to Keep Text messaging HIPAA compliant
In order to keep text messaging HIPAA compliant, you need “secure text” – it is a process which encrypts messages which are transmitted from a secure server which has access to every local sensitive data, and which does not allow the phone network carrier to keep a copy of the message. You can access the secure messages at any time from any location with the help of an internet connection, unless it has been programmed to automatically expire or recalled to safeguard the integrity of private health information.
The mobile device’s owners can still use their tablet, cell phone or smartphone to gain access to personal emails, social media and SMS communications; however, in order to keep text messaging HIPAA compliant, sensitive information would be received and sent through a secure virtual private network. HIPAA compliance is assured as the administrator of secure texting has a choice to remove a user from the network. Along with deleting any sensitive information, which they might have had access to, if a risk to the security of private information is identified.
The changes in HIPAA regulations concerning Patient access of information from HHS and the Clinical Laboratory Improvement Amendments (CLIA) must be respected by entities subject to the HIPAA rules through modifications to policies and notices, and training of staff to reflect the new requirements. To get more details, join this HIPAA Compliance Virtual Boot Camp 2017 by expert speaker Jim Sheldon Dean who will cover all the bases on the new access rights under HIPAA and CLIA regulations. It will also provide vital information on how e-mail and texting should be handled, what to look out of and how to prepare for the worst case scenario.