In March 2013, the Final Omnibus Rule implemented certain regulations within the Health Insurance Portability and Accountability Act (HIPAA), which included the introduction of a secure messaging system for healthcare organizations in order to protect the integrity of protected health information and the privacy of patients who were members of a HIPAA-covered healthcare program.
The Final Omnibus Rule also extended the reach of HIPAA to third party service providers (health insurance fund managers, brokers and administrators) and sub-contractors employed by healthcare organizations who have access to PHI, who must now comply with the same guidelines for secure text messaging as others in the healthcare industry.
In order for organizations to be compliant with the new regulations, guidelines for secure text messaging in a healthcare environment have been produced. The most important item within the guidelines is that all electronically-stored protected health information (ePHI) must be encrypted to NIST standards, and maintained on a system which facilitates secure text messaging.
The reason for ePHI being encrypted to such a high standard is that, if a breach of ePHI occurs, any data which is copied from or removed from the secure messaging system for healthcare organizations will be unusable, unreadable and indecipherable to any third party who accesses it.
The centrally-monitored system of secure messaging is intended to replace SMSs, pagers and emails – which are often copied on routing servers and are therefore neither “secure” nor HIPAA-compliant – and the integrity of the secure messaging system should be inspected regularly to ensure that healthcare professionals comply the guidelines for secure texting.
Research has shown that many healthcare professionals use their own personal mobile devices (Smart phones, tablets, PDAs, laptops etc) to access and transmit ePHI, and the secure text messaging healthcare guidelines state that it should be impossible for patient data to be saved to mobile devices or any other external device.
Furthermore, there should be a protocol in place for healthcare professionals to report a theft or loss of their mobile device so that the individual user can be deleted from secure messaging system for healthcare organizations and any sensitive data on their mobile device remotely removed.
The revisions of the regulations regarding secure texting between healthcare professionals were intended to reduce the significant number of ePHI breaches that were occurring each year; however, as a consequence of medical facilities implementing a secure messaging system for healthcare organizations, there has been a considerable number of additional advantages discovered – not least for patients who have benefitted from an improved level of healthcare services.
Case studies have revealed that secure text messaging for healthcare professionals has allowed medical staff to treat patients quicker and more effectively than through any other form of communication. The ability to securely text important PHI across various platforms and devices has created a more efficient workflow – both in home health settings and hospital environments – with the resulting benefit that healthcare professionals are able to attend to more patients each day.
Because data on the secure messaging system now has to be encrypted, the convenience of secure texting for healthcare professionals on a personal mobile device has been extended to included open cell phone networks or in areas with a public Wi-Fi service, which before risked a breach of ePHI if a communication was intercepted or compromised.
The revised regulations have resulted in multiple benefits for healthcare organizations, including cost savings, increased efficiency and the significantly reduced risk that they – or an employee, agent or sub-contractor – will be liable for a breach of ePHI.
By implementing the guidelines for secure text messaging between healthcare professionals, organizations can enable collaboration between medical teams via their personal mobile devices on important patient health issues, select pre-determined “lifespans” for messages so that transmitted ePHI can be deleted automatically, and integrate text message discussions relating to a patient´s care into the patient´s Electronic Medical Record (EMR) – something which had to be done by hand when messages were sent via unsecured SMS, pager or email.
A secure messaging system for healthcare organizations also produces “audit logs”, which enable administrators to check that authorized personnel are complying with the regulations for secure texting between healthcare professionals, and which can form part of the required risk assessments to ensure the integrity of ePHI within the messaging system.
TigerConnect’s secure messaging system for healthcare organizations surpasses the guidelines regarding secure text messaging between healthcare professions and allows authorized personnel access to encrypted ePHI via a cloud-based “on demand” application. The “Secure Text Messaging App for Enterprise” has been specifically designed to operate in the same way as traditional SMS messaging, so that the application is simple to understand and straightforward to use on personal mobile devices.
Medical personnel will not be inconvenienced when using TigerConnect’s secure messaging system for healthcare organizations as there is no software to download or training required. System administrators will also find that the application operates in such a way as to allow them to maintain control over the integrity of ePHI and ensure that the guidelines for secure texting between healthcare professionals are adhered to.
See how TigerConnect helps 6,000+ healthcare teams collaborate seamlessly across the hall or across the health system.
TigerConnect provides secure, real-time mobile messaging for the enterprise, empowering organizations to work more securely. TigerConnect’s encrypted messaging platform keeps communications safe, improves workflows, and complies with industry regulations.