HIPAA Regulations regarding SMS
The increased use of personal mobile devices by healthcare professionals to transmit and receive electronic protected health information (ePHI) raises the question “is SMS HIPAA compliant?”
Recent changes to the Health Insurance Portability and Accountability Act (HIPAA) resolved some of the confusion about HIPAA compliance and SMS, and this article aims to simplify and summarize those changes.
The HIPAA regulations regarding SMS are fairly clear – if you are transmitting any form of ePHI, it should be done through a secure messaging system which complies with the HIPAA Privacy Rule.
The HIPAA Privacy Rule applies to providers of health plans (insurers and employers included), health care clearinghouses (including administrators and brokers), and to any healthcare professional who transmits ePHI – ePHI being defined as “any information about health status, provision of health care, or payment for health care that can be linked to a specific individual”.
There are eighteen different “identifiers” which could link specific information to an individual's identity and, even though these identifiers should be encrypted and stored in a secure database, should any of them be transmitted over an open cell phone network or in an area of publicly-accessible Wi-Fi, the sender would be in breach of the HIPAA regulations regarding SMS and face criminal and/or civil legal action.
The use of standard texting or SMS in a healthcare setting makes it impossible to adhere to the HIPAA regulations regarding SMS, and the most practical way of dealing with these issues is to use a secure messaging system to encrypt all messages and maintain the confidentiality of your patients’ information.
Authorized users of secure messaging systems will find that sending secure text messages follows a process very similar to “regular” texting or SMS, and healthcare professionals should have no difficulty in understanding how to use the system and how to attach documents (such as lab results) or images (of an injury) to their secure communications.