With the onslaught of wireless media, hospitals and healthcare providers have been taken into its sway. Email is an ineluctable part of our lives. However, in the context of the healthcare sector, it has to be a qualified medium of communication, simply because healthcare providers and hospitals have to comply with requirements set out in the Health Insurance Portability and Accountability Act (HIPAA), a landmark federal legislation that seeks to protect health information.
Email and texting under HIPAA need to be seen in an interesting, contradictory context: a dramatic increase in the number of emails and texts sent out via smartphones in the US on the one hand, and HIPAA's attempts to tighten laws for protecting health information on the other. There is a strange paradox between the enactment of HIPAA and the phenomenal increase in the volume of information sent out from smartphones. Between 2007 and 2012, the number of texts sent out by Americans increased by over six hundred percent, from about 30 billion to around 185 billion a month.
Given that HIPAA monitors the flow and control of Protected Health Information (PHI) from Business Associates and Covered Entities, and that there seems to be no lid on the flood of emails and texts Americans send out, there is a very important need for hospitals and healthcare providers to comply with the requirements relating to email and texting under HIPAA.
HHS does not prohibit the use of email and text for sending out PHI
In essence, recent Department of Health and Human Services (HHS) guidelines permit the use of texting and emailing as a means of sending out or receiving PHI. So, what is the way out if healthcare organizations have to be in a position to help patients get quicker access to health information and still avoid penalties for sending out PHI?
Controls, controls and controls
Controls are the only answer. Email and texting under HIPAA are here to stay because, as we saw, there is no restriction on them. Yet, to stay compliant and avoid penalties, healthcare organizations have to devise a number of methods of ensuring that email and texting are done securely, without leaking PHI. Patient access requirements under HIPAA have to be met. Carrying out a thorough information security risk analysis lies at the core of this exercise.
Stay compliant with HIPAA’s new requirements
Email and texting under HIPAA also have to take into consideration HIPAA's new requirements for providing patients with electronic access to electronically held PHI. Meeting these should offer healthcare providers an element of clarity about what information to provide and how, and how to ensure protection of that information before and after transmission.