HIPAAcraticRx - The Prescription for HIPAA Compliance


Text Messaging and HIPAA Compliance

March 26, 2018

 

While texting patient information is not prohibited by HIPAA, it can be risky for both the patient and the provider. Providers who wish to text patients must take steps to strengthen the security of both the mobile device used for the text and the transmission of the text. This means adding levels of security, such as password protection of the message and periodic deletion of texts or transfer of the text message to the patient’s medical record. Providers should communicate the risks to patients and ensure that patients have the option to choose not to receive personal information by text. Providers should also adopt policies and procedures specific to text messaging and make appropriate changes to their Notice of Privacy Practices.

 

In addition, OCR recommends encryption when PHI is transmitted outside the organization in any electronic form, including texting. Encryption scrambles the content of a message into seemingly random data until it is received on the other end, where the original message is restored. This means that anyone who intercepts the message sees only jumbled characters and symbols. It does not, however, protect messages from being seen if a device is compromised or accessed by a friend or family member.

 

Health care providers who use text messaging to communicate with patients or other health care providers should do so only if they can be assured that the text message is secure and the transmission is HIPAA compliant. HIPAA requires, among other things, that the provider (1) limits access to PHI to authorized users who need the information to do their jobs; (2) monitors access of users to the mobile device and text; (3) authenticates the authorized users; and (4) implements policies and procedures to prevent inappropriate alteration or destruction of PHI. Texting, without added security measures, will not comply with HIPAA requirements.

 

To read this article in its entirety, please visit Lexology. To learn more about HIPAA compliance, visit HIPAAcraticRx.
