Secure Text Messaging the HIPAA Way Micheal Goodwin December 11, 2015

Secure Text Messaging the HIPAA Way


According to the PewResearchCenter, in 2015 97% of American’s use text messaging on their mobile phones.  Furthermore the report states that text messaging is the communication method smartphone users prefer to use.  While this is true in our private lives it is also true that its ease of use and timely delivery of information would be of great benefit to healthcare providers.  But, as we know, text messaging itself is not secure and therefore not considered a viable tool to providers in its native form.

When The Final Omnibus Rule was enacted in March 2013 it tightened the Health Insurance Portability and Accountability Act (HIPAA) guidelines covering how healthcare organizations may use texting for Electronic Personal Healthcare Information (ePHI).  Because text messages are sent “in the clear” and can be easily viewed on phones that are lost or stolen as well as easily be sent to the wrong person, healthcare organizations must take extra measures to ensure the security and privacy of messages sent via text messaging or SMS.

So guidelines were set that text messages and user accounts governed under ePHI or HIPAA must:

  • Have unique usernames and passwords for authorized users;
  • Be able to be monitored for HIPAA compliance;
  • Be encrypted to NIST standards;
  • Be able to be remotely wiped; and,
  • Be stored in HIPAA-compliant hosting.

As previously stated — text messaging cannot do this in its native form.  This is where secure text messaging from Server@Work steps into the picture.  Our preferred messaging solution meets all the HIPAA guidelines and is still simple to use.  Messages may be securely sent with the secure messaging app using employees’ personal smartphones or company issued iPhones, Android or tablets.  There is also a web-based version of secure messaging that works from Windows PC’s and Macs.  Secure messaging SMS integrates with many healthcare systems and nursing on-call systems.

Licensing is easy as well.  While your employees must be licensed, any external contacts you communicate with such as doctors, nursing home administrators, or nursing staff outside your organization do not cost anything.  In this way you can securely communicate to HIPAA standards with your internal staff and the people outside your organization that you with whom you exchange messages and ideas.

Setup of your messaging application takes a couple hours and then you are ready to deploy in days instead of weeks or months.  At only $6/employee each month you can easily speed up and increase communication without spending a fortune.  Free trials and proof of concept setups are available.