Surgemail and hipaa

3/19/2023

Overcoming the HIPAA Regulations for SMS, IM and Email

It was for this reason that an exemption was made for the electronic communication of PHI between medical professionals and their patients. Any encryption solution used to securely communicate PHI between healthcare organizations, medical professionals, Business Associates and other covered entities would have to work across multiple operating systems and devices – and have a standard decryption key.

It is not difficult to implement a channel of communication that requires users to log in, but to monitor all their online activity and have them log off when they are finished is much more complicated.

These three security measures by themselves make it difficult for HIPAA covered entities to comply with the HIPAA regulations for SMS, IM and email.

PHI must be encrypted in transit so that, in the event a message is intercepted on a public Wi-Fi network, the content of any message – and any PHI sent as an attachment – is “unreadable, undecipherable and unusable”.

This measure is required to prevent unauthorized access to PHI if a desktop computer or mobile device is left unattended. Any mechanism used to communicate PHI must have an automatic logoff facility.

This is so all communications containing PHI can be monitored and logged. Every authorized user must be assigned a unique login username and PIN number for whatever mechanism is being used to send and receive PHI.

These safeguards require the introduction of access controls, audit controls, integrity controls, ID authentication, and transmission security to prevent unauthorized access to PHI. The majority of the HIPAA regulations for SMS, IM and email are contained within the technical safeguards of the HIPAA Security Rule. Importantly, the HIPAA regulations for SMS also apply to Instant Messaging services such as WhatsApp and iMessage, and to emails as well.

The only resolution to these issues is to exclude any PHI from messages sent in SMS format. Although mechanisms exist to resolve these issues with SMS messages, they are rarely used.

Further issues exist due to SMS messages being unaccountable and because copies remain on the servers of service providers indefinitely. This is because they are not encrypted, cannot be recalled if sent to the wrong recipient, and can be intercepted on public Wi-Fi networks.

Most SMS messages are not HIPAA compliant.

The HIPAA regulations for SMS do not specifically prohibit the use of a “Short Message Service” to communicate Protected Health Information (PHI), but they do stipulate that certain conditions have to be in place before using SMS to communicate PHI is HIPAA compliant.