What to Look for in HIPAA Compliant Texting
Many patients prefer to text, but what about compliance issues? Here are several things to look for in a HIPAA compliant texting service for your practice.
If you allow your patients to text you, you’re introducing a whole new level of convenience to their lives. There’s no need to wait on hold, or for a written reply through the post.
But getting HIPAA compliant texting right can be a little tricky.
Non-compliance with HIPAA can cost your business $50,000 per breach of the rules. Multiple breaches can add up to a fine in the millions.
Texting patients is possible. But HIPAA compliant texting is the only route forward.
Don’t take a risk – use our guide to ensure your texting service follows the rules.
Protected Health Information
Protected Health Information (PHI) is a specific set of information about your patients. It’s anything that relates to their current health, medical history or payments for healthcare.
If you’re communicating PHI to patients, it must be in an encrypted form.
The popular messaging service WhatsApp uses end-to-end encryption. However, ‘traditional’ SMS messages aren’t encrypted at all.
If you intend to send basic SMS texts to patients, they should not contain any personal information.
A generic reminder to book an appointment can be permissible, for example. But only if it doesn’t name the reason for the appointment or make a reference to previous treatment.
Sending PHI through a third-party service that is fully encrypted sounds like the solution. However, you’d still be leaving yourself exposed.
This is because you can’t guarantee that the phone you’re sending the data to is secure. You have no idea what measures the user has put in place to prevent unauthorized use of their phone.
Phones get borrowed, sold, stolen and lost. Thus, you have no idea who is receiving the messages you’re sending. And the data stored in any messaging apps may be looked at by someone besides the patient.
How to Solve the Problem
You need to ensure that there are adequate protections in place to prevent access to data. To control that, you need your own secure communication platform.
By ensuring that data is encrypted while in transit and that the app has security controls in place to prevent unauthorized access, you’re able to message your customers while remaining HIPAA compliant.
This includes enforcing rules so that customers must choose secure passwords or other login codes. For example, you can require that every password contains a number and a special character, and is at least 8 characters long in total.
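As an added example (not code from this article or from the author's product), the following Python snippet enforces the password rule just described: at least 8 characters, at least one number, and at least one special character. It reports every rule a candidate password violates, which is what a sign-up screen needs in order to tell the user what to fix. The function names are hypothetical, and treating "special character" as any ASCII punctuation mark is an assumption made here.

```python
import string

# Policy from the text: every password must contain a number, a special
# character, and be at least 8 characters long. The minimum length is a
# parameter so a practice can tighten it; the default matches the text.
MIN_LENGTH = 8
# Assumption: "special character" means any ASCII punctuation mark.
SPECIAL_CHARACTERS = frozenset(string.punctuation)
DIGITS = frozenset(string.digits)


def check_password(password: str, min_length: int = MIN_LENGTH) -> list:
    """Return the list of rules the password violates; an empty list means it passes."""
    failures = []
    if len(password) < min_length:
        failures.append(f"must be at least {min_length} characters long")
    if not any(ch in DIGITS for ch in password):
        failures.append("must contain at least one number")
    if not any(ch in SPECIAL_CHARACTERS for ch in password):
        failures.append("must contain at least one special character")
    return failures


def is_acceptable(password: str, min_length: int = MIN_LENGTH) -> bool:
    """True when the password satisfies every rule of the policy."""
    return not check_password(password, min_length)


def enrollment_report(candidates) -> dict:
    """Map each candidate password to its list of failures, for reviewing a policy."""
    return {pw: check_password(pw) for pw in candidates}


if __name__ == "__main__":
    # Constructed sample inputs, not real user passwords.
    samples = ["password", "short1!", "abc123!x", "Pa55word#"]
    for pw, failures in enrollment_report(samples).items():
        status = "accepted" if not failures else "rejected: " + "; ".join(failures)
        print(f"{pw!r}: {status}")
```

Returning the full list of failures rather than stopping at the first one lets the enrollment screen show all the problems at once, so a user is not sent round the loop three times for a password that breaks three rules.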
You could also look into biometric verification – fingerprints, for example, to ensure only a single unique user has access.
As part of your risk reduction strategy, you should ensure all users are given educational materials on using the service properly. Remind them that they should never share their login details or other identifying information.
Implementing HIPAA Compliant Texting
There’s more to HIPAA compliant texting than we have room for here.
If you intend to implement text services for your patients, we can help develop products that comply with HIPAA.
We offer a free 30-minute consultation session so that we can understand your needs and start offering ideas to solve your problems.