The 1996 Health Insurance Portability and Accountability Act (HIPAA) introduced healthcare administrators and providers to Protected Health Information (PHI) regulations and the 2003 Privacy Rule required practices to take further steps to secure PHI. Due to technological advances in communication (using mobile devices such as smartphones, cell phones, and tablets) within medical centers, some providers and centers began texting patients.
Traditional SMS Text Messaging Is NOT HIPAA Compliant
While texting may be more convenient than using the telephone, it is a major problem—sending PHI over SMS text messaging is not compliant with HIPAA security measures! Public Wi-Fi and open cell phone networks create the potential for data to be compromised because SMS messages are not encrypted when they are on a wireless provider’s server. There is also the risk of compromised PHI when a mobile device is stolen, lost, or sold, because information is stored on the device. Unfortunately, millions of patients have been affected by hundreds of health data breaches in the last decade, leading to higher IT administrative costs, costly mediation, compensation to affected patients, and/or Office for Civil Rights criminal charges and fines of up to $50,000 per violation.
Texting with EASE IS HIPAA Compliant
Meeting multiple HIPAA requirements may be a difficult task for app developers who have little to no experience in the healthcare industry, but EASE was created by doctors. EASE allows hospital communication to securely catch up to today’s technology and desire for instant information while adhering to HIPAA rules and regulations, such as:
- End-to-End Encryption: Encryption and physical data protection must be in place for transfer of PHI or access to sensitive patient data to be HIPAA compliant. All messages within the EASE app are sent using AES 256-bit encryption (the same level of security used by banks and credit card companies).
- All Messages Deleted: PHI indefinitely stored on wireless carrier servers is not HIPAA compliant. With EASE, all texts, photos, and videos are deleted nightly from our servers and within 60 seconds of viewing them from the device.
- Periodic Risk Assessments and Audits: EASE leverages Amazon AWS and Kony platforms for the highest level of compliance. EASE is built on the SOC2-TYPE 2 certified Kony platform and independently audited with penetration tests and a Veracode Assessment to identify any threat to the integrity of sensitive patient data and procedures.
Protect Yourself from HIPAA Violations—Use EASE
The lack of encryption, the possibility of sending a text to a wrong number, the possibility of text messages in plain text being intercepted, and the fact that messages are stored indefinitely on service providers’ servers mean traditional SMS text messaging is not HIPAA compliant. Safeguard sensitive PHI and choose EASE! Download our EASE app or brochures, check out our list of frequently asked questions, or contact us with any questions you may have today.