Page 11 - 2021 Risk Reduction Series - Communication Part Two
P. 11
SVMIC Risk Reduction Series: Communication
number, forwarded by the intended recipient, or intercepted
while in transit. These types of apps have no way to verify
authentication, which is required by the Security Rule, and
provide no mechanism to block unauthorized access.
Secure messaging solutions resolve texting issues by
encapsulating PHI within a private communications network
that can only be accessed by authorized users. Access is gained
via secure messaging apps that function in the same way
as commercially available messaging apps but with security
mechanisms in place to prevent an accidental or malicious
disclosure of PHI. Once logged into the app, authorized users
enjoy the same speed and convenience as SMS or IM text
messaging but are unable to send messages containing
PHI outside of the communications network, copy and
paste encrypted data, or save data to an external hard drive.
Should there be a period of inactivity on the app, the user is
automatically logged out. All activity on the communications
network is monitored to ensure 100 percent message
accountability and to prevent texting in violation of HIPAA. If a
mobile device that has a secure messaging app is lost or stolen,
administrators have the ability to remotely wipe all content
received or created on the app and PIN-lock it to prevent further
use. These solutions are typically utilized in large practices,
clinics, and hospital systems where smart phones, other mobile
devices, or secure apps are provided to the practitioners to
ensure all are on the same secure network for texting.
3
3 https://www.hipaajournal.com/texting-violation-hipaa/
Page 11
