Learn about HIPAA compliant texting, why it’s important for your business, and how you can ensure that all of the messages being sent are secure.
HIPAA compliant texting is the transmission of information via text messaging in a way that keeps protected health information (PHI) confidential and secure. Without secure messaging, your messages could be intercepted by a third party and expose sensitive data about patients. For you, as a business owner, this means that if one of your employees sends patient information without following the HIPAA Rules, you can incur significant fines from the Department of Health and Human Services (HHS).
Below, we answer your questions about HIPAA compliant texting, give examples of HIPAA violations, and discuss what messaging apps are HIPAA compliant.
HIPAA compliant texting is simply a form of text messaging that allows medical professionals to send and receive communications with patients and fellow professionals securely via a text messaging app while maintaining compliance with HIPAA.
Unfortunately, most popular messaging apps, such as WhatsApp, Messenger and native SMS applications, are not HIPAA compliant, because they do not implement the technical, administrative and physical safeguards that the HIPAA regulations require for handling sensitive data.
Instead, in order to text patients and colleagues safely and securely, you need a purpose-built HIPAA compliant texting application, such as the Encrypted Sharing solution provided by Central Data Storage.
To be HIPAA compliant, our Encrypted File Sharing solution is built with security in mind and encrypts your texts, making them unreadable by third parties. This means only the sender and the receiver have access to the data being transmitted.
This is crucial. Your texts must adhere to rigorous standards for security and confidentiality so that PHI remains confidential and secure at all times during transmission. This means you need a plan in place for encryption, authentication procedures, user training policies and regular audits/testing to ensure compliance is being upheld.
In addition, you need an individual within your organization who is responsible for managing HIPAA compliance and ensuring best practices are being followed correctly by staff members.
When communicating PHI with a patient, the HIPAA covered entity must warn the patient of the risk of unauthorized disclosure if they choose to communicate via unsecured email or text. The patient's consent must be obtained and documented before any such communication takes place.
When communicating with non-patients, the covered entity must also ensure that its emails and texts are compliant with the HIPAA Privacy and Security Rules.
As is the case when texting patients, the best way to do this is to send emails and texts securely using a HIPAA compliant messaging app. This ensures that all emails containing PHI are encrypted at the point of origin, during transit and while in storage.
As such, PHI is protected against unauthorized access by third parties, such as attackers who can intercept private data while it is in transit across public networks.
When it comes to communication with patients, the short answer is yes. The HIPAA Privacy Rule allows covered entities and business associates to use any reliable method of communication, including text messaging, as long as the patient agrees beforehand that the covered entity can communicate via SMS or phone call regarding their healthcare information.
Text messaging complies with HIPAA only under particular circumstances, depending on the content of the text message, who it is sent to, and the security measures employed to protect the privacy of PHI.
Because of the complicated language used in the Privacy and Security Rules, there are often misunderstandings about whether texting is a violation of HIPAA. These regulations do not mention texting directly, but they set out several requirements that apply to all electronic communications in healthcare.
It is acceptable to send texts provided that the content of the message does not include “personal identifiers.” For example, it is acceptable for a doctor to text a patient if the message satisfies the “minimum necessary standard” and the patient has been informed of the risks of communicating personal information over an unsecured channel.
In addition, it is permissible to communicate through text when the technical safeguards of the HIPAA Security Rule are met.
The HIPAA Privacy Rule establishes national standards for protecting certain types of individually identifiable health information. The following rules apply when sending PHI via email and text channels:
WhatsApp lacks technical safeguards and is therefore not HIPAA compliant.
No, Discord lacks the necessary technical safeguards to comply with HIPAA regulations. As a result, it is not HIPAA compliant.
Put simply, HIPAA compliant texting is only possible with a purpose-built solution. At Central Data Storage, WisperMSG, our encrypted messaging and file sharing solution, is trusted by hundreds of medical professionals up and down the country and allows the secure sharing of PHI with patients and colleagues in full compliance with HIPAA.
As well as texts, WisperMSG encrypts email communications and any files attached to them.
We at CDS pride ourselves on working hand in hand with our clients to help them establish a robust HIPAA compliant text messaging and file sharing policy to protect their business.
Download our Encrypted File Sharing Checklist to get started on your HIPAA compliant texting journey. For more information, call 1-888-907-1227 or email info@centraldatastorage.com.