Recent changes to HIPAA raise questions about whether text messaging is compliant. Rest assured, texting remains compliant; however, the devil is in the details when it comes to the use of this messaging medium by your office or medical answering services.
Why the changes?
Recent HIPAA revisions acknowledge the commonality of texting in today’s mobile world, but identify the possibility of data compromise as vast (Wi-Fi/open cell networks, mobile device loss/theft), thus requiring:
- The development of processes and procedures indicating who has access to private health information (PHI) and how it is used.
- Risk assessments be periodically conducted to identify potential threats to PHI data integrity.
- Established procedures on how breaches will be addressed, including cyber-threats, loss/theft, and proper device disposal procedures, such as the remote deletion of PHI. (Timely remote deletion exempts the need to report breaches to the Office of Civil Rights (OCR).)
- Encryption and physical data protection measures for individuals utilizing a mobile device to communicate PHI or access sensitive data.
- The implementation of policies prohibiting the local storage of PHI on mobile devices.
Messages that are:
- Sent/received using a secured virtual private network
- Stored on-site/locally (to prevent cell networks from storing a copy of sensitive PHI)
- Monitored by a “secure texting administrator” to ensure the deletion of sensitive data in the event a security risk is identified.
No laughing matter
The consequences of HIPAA violations through this seemingly innocuous messaging medium include stiff fines, possible criminal charges by the OCR, and civil action by affected patients.
Safeguard your practice against HIPAA violations with medical answering services in the know on the latest HIPAA regulations. Contact MedConnectUSA today.