Myth vs. Fact: HIPAA-Compliant Communication


Careless communication can get HIPAA-covered companies into a world of trouble. Nevertheless, many health care professionals fail to secure protected health information (PHI) in their communication. Unsecured messages put your organization at risk: an unauthorized user could get hold of the device, a user could copy or screen-capture information, or a hacker could access unencrypted messages through public Wi-Fi. To avoid these dangers, you must choose HIPAA-compliant communication.

But what types of communication are HIPAA compliant? There are many myths about communicating PHI that you should be aware of. Let’s look at a couple of common ones and see what HIPAA actually requires.


Myth: iMessage is encrypted, so it is okay to send PHI through iMessage.

Fact: It is not safe to use iMessage to send PHI. Although iMessage is encrypted, Apple keeps a 30-day cache of messages on its servers, and users can use iCloud Backup to save and store messages. Furthermore, HIPAA requires that messaging platforms be secured in other ways, such as a unique login and PIN for users, message monitoring, and automatic logoff. iMessage and many other instant messaging platforms fail in these areas.

Myth: You can get a patient’s permission to text or email their information.

Fact: Texting and emailing patient information is a legal grey area. Nevertheless, most health care professionals use text or email to send PHI daily. See this article to read more about texting and emailing patient information. You can make an agreement with a patient to send unsecured messages. However, it’s much safer to use a secure platform.

So, How Do I Safely Communicate PHI?

Although there are many “don’ts” when it comes to sending PHI, it’s still important to communicate quickly and efficiently. Instead of text or email, consider using a HIPAA-compliant alternative: secure messaging. A 2015 study by the Tepper School of Business at Carnegie Mellon University found that there were 27% fewer patient safety incidents and 30% fewer medication errors when secure messaging was used. Therefore, security is just as important as speed and efficiency.

Secure messaging platforms are designed to comply with HIPAA. If you feel that your team needs a secure communication tool, there are many third-party apps available. Ultimately, you must not put ease over security. Make sure you know what HIPAA requires before you make a decision for your organization.

