Is your organization sending PHI via mobile devices? You’d better check, because if it is and gets caught, you could face a HIPAA violation fine.
Recently, the U.S. Department of Health and Human Services fined a Philadelphia-area healthcare organization $650,000 to settle potential HIPAA violations after the theft of a mobile device compromised the PHI of hundreds of patients.
The stolen phone held protected health information of 412 nursing home residents. The Office for Civil Rights, which oversees and enforces HIPAA, found that this organization lacked the required risk management plan. The investigation also found that the phone was unencrypted and not password protected.
According to Healthcare Finance, the information on the phone was extensive. It included Social Security numbers, diagnoses and treatments, medical procedures, names of family members and legal guardians, and medication information.
What can you do to make sure you don’t face the same trouble? Healthcare workers are going to text, no matter what policies are in place. But you can give them a secure, HIPAA-compliant messaging platform to use instead of regular messaging.
And if a phone is stolen, you can have administrative controls set up that 1) require passwords so no unsavory characters can touch the PHI, or 2) enable remote wipe to erase all PHI after the fact.
To ensure the highest standards of patient confidentiality and overall data protection with regards to PHI and HIPAA, organizations must meet strict guidelines in the following categories:
If you want more information on how TigerText helps our customers comply with HIPAA regulations for administrative, physical and technical safeguards, please download our HIPAA Compliance Statement.
TigerText provides SSAE 16-audited data centers and end-to-end message encryption to help protect you from HIPAA violations. We stand behind our best-in-class solution so much, in fact, that we offer a $1 million guarantee – the only such guarantee in the industry. We will pay up to $1,000,000 of civil penalties if your organization is found in breach of the HIPAA Security Rule.