by Jeremy Beck.
Most clinic administrators have lost sleep wondering if their doctor’s texts are HIPAA Compliant. Is it okay for the doctor to receive and send sensitive patient data over their phone? What if they lose their phone?
So, are your doctor’s text messages secure and compliant? The answer under the HIPAA guidelines is yes as long as “administrative, physical and technical safeguards exist that ensure the confidentiality, integrity and security of electronically stored or transmitted private health information.” This statement might be even more confusing to you so let’s look below at somethings that might make this a bit clearer.
WHY ARE TEXT MESSAGES NOT SECURE?
– You Use SMS For Your Phone or Tablet
First, you likely use SMS for your phone or a tablet. SMS stands for Simple Message Service and is the underlying protocol that all text messages use. The primary transmission methods (protocols) used for SMS are not encrypted
– Text Messaging is, By Default, Not Secure
Text messaging by default is not sent or received in a secure manner although some cellular providers provide additional security methods. In other words, the messages can be intercepted and read as plain text.
WHAT CAN YOU DO ABOUT IT?
– Create Solid Clinic Rules
In order to safeguard against PHI data loss on these devices and to safeguard messages sent and received via text messaging, clinics need to have policies in place stating guidelines for what is acceptable use on portable devices and what to do in case of a breach.
– Encrypt it
The clinic should protect the transmission of data by encrypting it. There are many good products on the market that will provide secure text messaging as well as the ability to delete the data from a portable device should it become lost or stolen. Encrypting mobile devices like Apple, Android and Windows can be accomplished by using a 3rd party application such as Wickr, Gliph, MeOnCloud or WhisperSystems. These applications can help for SMS encryption and can help to ensure that patient data is protected.
– Erase the phone
Your doctors and staff might not like this response but applications need to be in place so that smartphones and tablet data can be remotely deleted. If the phone or tablet is lost or in question you can delete the data remotely.