In simple terms, no, general text messaging is not HIPAA compliant. Perceived as a social and causal norm, text messaging is not the ideal means of sharing patient information in a healthcare setting. It is an informal exchange of messages that is easy, quick, and convenient. The HIPAA security rule has”national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity”. Therefore, normal text messaging on an smartphone device is missing an extra layer of security ensuring protection of personal health information.
On the bright side, there are growing number of HIPAA compliant text messaging platforms that can be leveraged by the healthcare industry ensuring patient confidentiality. This can be done by integrating HIPAA standards with text messaging thus creating a recipe for success- a HIPAA compliant text messaging solution. The big advantage here is that texting is second nature to most people, hence, a HIPAA compliant text messaging platform would be fairly easy to comprehend and use.
Technology is delivering HIPAA compliant text messaging
Continuous advancements in technology have encouraged the healthcare workforce to implement HIPAA compliant texting in their facilities. Two main stakeholders benefit from this innovation; the healthcare workforce and the patient. As we are in the midst of a full transition to value based care, our thought process and decision making is patient-centered.
Therefore requiring more coordinated effort across organizations as compared to fee for service models. Health care providers need to communicate among each other to efficiently come up with the best treatment plan for their patients. Hence, HIPAA compliant texting is an ideal solution to be in the loop of a patient’s follow up plan without physically being there.
HIPAA Security Rule
HIPAA already has standards in sharing confidential patient information. However, in terms of HIPAA compliant text messaging or emailing HIPAA information, the Department of Health and Human Services has introduced the Security Rule. “A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care”. HHS is in favor of experimenting with technology but has some rules to ensure patient confidentiality.
The point of interest of the Security Rule is to protect ‘Electronic Protected Health Information (e-PHI)’, There are 4 general rules to follow in order to make any app or electronic platform, essentially HIPAA compliant:
- Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit
- Identify and protect against reasonably anticipated threats to the security or integrity of the information
- Protect against reasonably anticipated, impermissible uses or disclosures
- Ensure compliance by their workforce
It can be inferred that patient data is not readily available to anyone. Authorized individuals only can access and manage patient information.. In addition, e-PHIs cannot be destroyed in an unauthorized manner.
HIPAA compliant text messaging platform: Hucu.ai
Piecing the information thus far, a HIPAA compliant text messaging app has certain rules to follow but is a superb addition to the healthcare industry on both the acute and pot-acute side. An example of a HIPAA compliant messaging app is Hucu.ai, which complies with the Security Rules of HIPAA..
- Non-HIPAA compliant fragmented communication using outdated 1-1 methods (phone, fax, paper, email and text) with no accountability
- Lack of visibility of individual patient risk among myriad treatment partners impacting timely care
- High staff turnover and lack of performance transparency.
- Easy and FREE patient-centered HIPAA compliant messaging apps, that allow various professionals across healthcare (hospitals, SNFs, Home Health, etc.) to communicate with each other in (i) context of patient, (ii) groups, or (iii) 1-1 direct-messaging.
- Patient risk visibility
- Built-in employee appreciation tools
Faced with such a pandemic, targeted and rapid containment measures are very effective. This has been shown by some countries that have achieved the stratification of their populations in terms of risk levels, while other countries have made no distinction in the measures adopted. Take Taiwan for instance. It was able to effectively control the spread of the virus by cross-checking health databases with customs data from January onwards. By quickly identifying and confining those people who had traveled to high-risk areas, as well as those at higher risk from the virus, the Taiwanese authorities were able to avoid many deaths and protected the most vulnerable citizens. By mid-March, only 100 people were infected and one person died from Covid-19 in Taiwan.
To concentrate efforts, prevent the epidemic from spreading rapidly through the population and protect those most at risk of death – the elderly and the frail – health data is definitely an invaluable asset. The use of data should be accompanied by a policy of systematic screening to enable rapid and appropriate management. If countries can’t know who is sick how can they target their efforts? How can they know how many people are infected and monitor the evolution of the epidemic? How can the countries ensure that those most vulnerable are effectively protected? It is important to have enough test kits available and is a necessity to screen the entire population at a higher risk of infection or with major health risks.
The World Health Organization recommends countries to massively test the population so that they can identify clusters of sick people, in order to follow the evolution of the virus and to quarantine people who are contaminated. Comprehensive testing is critical to avoid the epidemic spread and further contamination.
The biggest challenge lies in the ability to respond quickly by concentrating resources on the populations that need it the most and to avoid hospital overcrowding and non-targeted measures that generate a great loss of energy without being effective.
Comprehensive use of basic personal protective equipment is important to effectively combat the spread of the virus. The Covid-19 epidemic has tragically shown how difficult it is for Europeans to access sufficient protective equipment for preventing the spread of the virus.
Masks are in short supply in pharmacies around the world and within different health facilities. Many primary care doctors around the world are not equipped despite the demonstrated usefulness of masks in preventing contaminations. It is essential to enable all healthcare professionals and vulnerable people to be equipped with masks, protective personal equipment, and hydro-alcoholic solutions to protect themselves from the virus.
The government also needs to control groups of people who are stealing stocks of personal protective equipment from healthcare facilities and selling them in black market.