Page 20 - Part 1 Navigating Electronic Media in a Healthcare Setting
P. 20
SVMIC Navigating Electronic Media in a Healthcare Setting
Texting PHI
Healthcare providers and other HIPAA-covered entities have
embraced the mobile technology revolution and are allowing the
use of Smartphones, tablets and other portable devices in
hospitals, clinics and other places of work. Text messaging is not
expressly prohibited under HIPAA, but in order for a practice to
utilize texting, the practice must first put into place certain
safeguards. Depending on the content of the text message, who
the text message is being sent to or the mechanisms put in place
to ensure the integrity of the ePHI, texting can be in compliance
with HIPAA in certain limited circumstances.
Messages can be sent by text provided that the content of the
message does not include personal identifiers and that the
message complies with the minimum necessary standard. The
technical safeguards of the HIPAA Security Rule require access
controls, audit controls, integrity controls, methods for ID
authentication and transmission security mechanisms when PHI is
being transmitted via text. Among these requirements are the
following:
Access to PHI must be limited to authorized users who
require the information to do their jobs.
A system must be implemented to monitor the activity of
authorized users when accessing PHI, and those with
authorization to access PHI must authenticate their identities
with a unique, centrally-issued username and personal
identification number (PIN). Policies and procedures must be
introduced to prevent PHI from being inappropriately altered
or destroyed.
Page | 20
