Careless communication can get HIPAA-covered companies into a world of trouble. Nevertheless, many health care professionals fail to secure protected health information (PHI) in their communication. Unsecured messages put your organization at risk. An unauthorized user could get ahold of the device, a user could copy or screen capture information, or a hacker could access unencrypted messages through public Wi-Fi. Therefore, to avoid these dangers, you must choose HIPAA-compliant communication.
But what types of communication are HIPAA compliant? There are many myths about communicating PHI that you should be aware of. Let’s look at a couple of common ones and see what HIPAA actually requires.
Myth: iMessage is encrypted, so it is okay to send PHI through iMessage.
Fact: It is not safe to use iMessage to send PHI. Although iMessage is encrypted, Apple keeps a 30-day cache of messages on its servers, and users can use iCloud Backup to save and store messages. Furthermore, HIPAA requires that messaging platforms be secured in other ways, such as a unique login and PIN for users, message monitoring, and automatic logoff. iMessage and many other instant messaging platforms fail in these areas.
Myth: You can get a patient’s permission to text or email their information.
Fact: Texting and emailing patient information is a legal grey area. Nevertheless, most health care professionals use text or email to send PHI daily. See this article to read more about texting and emailing patient information. You can make an agreement with a patient to send unsecured messages. However, it’s much safer to use a secure platform.
So, How Do I Safely Communicate PHI?
Although there are many “don’ts” when it comes to sending PHI, it’s still important to communicate quickly and efficiently. Instead of text or email, consider using a HIPAA-compliant alternative: secure messaging. A 2015 study by the Tepper School of Business at Carnegie Mellon University found that there were 27% fewer patient safety incidents and 30% fewer medication errors when secure messaging was used. Therefore, security is just as important as speed and efficiency.
Secure messaging platforms are designed to comply with HIPAA. If you feel that your team needs a secure communication tool, there are many third-party apps available. Ultimately, you must not put ease over security. Make sure you know what HIPAA requires before you make a decision for your organization.