The Ultimate HIPAA Compliance Cure for Healthcare Companies Who Use SMS for Patient Communication

September 6, 2018

In today’s digital world, where 81% of Americans text regularly, it’s no wonder that SMS message exchange has become a popular mode of communication between caregivers and patients.

On the plus side, it means messages can be sent automatically, and patients – especially Millennials and younger adults – tend to respond more quickly and more consistently. Because texts are a written record, the exchange can be easier to understand and to access than a voice message.

Therein lies the biggest headache for healthcare companies when it comes to SMS: compliance with the 1996 Health Insurance Portability and Accountability Act (HIPAA) and with the requirements of other privacy regulations.

All healthcare providers know that being vigilant about patient privacy is crucial. But the actual cost of non-compliance can be utterly staggering. As a recent Forbes article points out, “You can incur up to a $50,000 fine for each violation – which is to say, each text message. Texting PHI without permission is a serious infraction, and [you] should treat it as completely unacceptable.”

Traditionally, healthcare providers have captured HIPAA consent on the initial paperwork completed by patients. However, the staff-patient SMS exchange that occurs through a company-owned device or an employee’s personal phone is not necessarily explicitly covered by traditional HIPAA consent forms.

This is where MultiLine comes in – the cure for your SMS communications compliance/consent concerns.

No spoonful of sugar necessary: easy, built-in HIPAA-consent based SMS

MultiLine has an “Opt In/Opt Out” feature that allows customers to explicitly collect HIPAA consent from a patient prior to engaging in SMS/Call/Voicemail communication with their staff. When an initial SMS is received from a patient or delivered to a patient by an employee, an explicit HIPAA consent message is sent to the patient’s cell phone and confirmation is requested. Communication through SMS is enabled only after a positive consent is received from the patient. This is an auditable consent and can be produced upon demand to demonstrate compliance.

Proper data treatment includes encryption & redaction

There is an increasing trend of patients and staff exchanging electronic protected health information (ePHI) or other sensitive personally identifiable information (PII) while engaged in an SMS exchange. This poses a serious privacy threat and leaves an area of exposure that must be proactively addressed… or a $50,000 fine per infraction, here you come!

Complementary to the explicit consent feature, MultiLine also allows customers to define a dictionary of words/terms/types/conditions/keywords that, when encountered in an SMS exchange, will be redacted from the exchange and not stored. This feature enables a healthcare company to enforce its HIPAA Privacy Rule policy of not exchanging ePHI over defined channels like SMS, should it choose to reduce its risk of exposure further.
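As an added illustration (not MultiLine code, and not a description of how Movius implements these features), the two controls described above modelled in Python: a hypothetical ConsentGateway that holds outbound texts and requests consent on first contact, enables messaging only after a positive reply, honours STOP in every state, keeps an auditable record of each consent event, and stores only redacted copies of message content. The term list and prompt text are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed stand-in for a provider-defined redaction dictionary (illustrative terms only).
REDACT_TERMS = ["diagnosis", "hiv", "mrn", "prescription"]
CONSENT_PROMPT = "Reply YES to consent to care-related texts, or STOP to opt out."

def redact(text: str) -> str:
    """Replace dictionary terms (case-insensitive, whole words) before anything is stored."""
    for term in REDACT_TERMS:
        text = re.sub(r"\b%s\b" % re.escape(term), "[REDACTED]", text, flags=re.IGNORECASE)
    return text

class ConsentGateway:
    def __init__(self):
        self.consent = {}   # phone -> pending | granted | revoked
        self.audit = []     # consent events, producible on demand for an audit
        self.stored = []    # message log: redacted copies only
        self.outbox = []    # what would actually be handed to the carrier
    def _record(self, phone, event, reply=None):
        self.audit.append({"phone": phone, "event": event, "reply": reply,
                           "at": datetime.now(timezone.utc).isoformat()})
    def _request_consent(self, phone):
        self.consent[phone] = "pending"
        self.outbox.append((phone, CONSENT_PROMPT))
        self._record(phone, "consent_requested")
    def inbound(self, phone: str, text: str) -> str:
        # Patient -> staff: consent keywords are handled before any content is kept.
        reply, state = text.strip().upper(), self.consent.get(phone)
        if reply == "STOP":                      # opt-out is honoured in every state
            self.consent[phone] = "revoked"
            self._record(phone, "opt_out", reply)
            return "consent_revoked"
        if state == "granted":
            self.stored.append((phone, redact(text)))
            return "accepted"
        if state == "pending" and reply == "YES":
            self.consent[phone] = "granted"
            self._record(phone, "opt_in", reply)
            return "consent_granted"
        self._request_consent(phone)             # first contact: ask, discard the content
        return "consent_requested"
    def outbound(self, phone: str, text: str) -> str:
        # Staff -> patient: nothing goes out until a positive consent is on record.
        state = self.consent.get(phone)
        if state != "granted":                   # never re-prompt someone who opted out
            if state is None:
                self._request_consent(phone)
            return "blocked_opted_out" if state == "revoked" else "held_pending_consent"
        self.outbox.append((phone, text))
        self.stored.append((phone, redact(text)))
        return "sent"
```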

Encryption is also critical to HIPAA compliance. As Forbes notes, SMS is not inherently an encrypted medium. This is a weakness that can be easily exploited, as anyone who intercepts unencrypted private data can read it. And iPhone users are not exempt: while there’s a broad assumption that all iPhone text messages are encrypted, the truth is that this is only the case when both users have Apple devices. That means most text messages sent by a healthcare company to a user’s iPhone are not encrypted.

The Movius platform, which powers MultiLine, is hosted by IBM® Bluemix®, providing a secure cloud platform that you can trust, built on best-in-industry security standards. All texts (and voice calls) are encrypted with ironclad security, meeting enterprise-grade standards.

A secure texting solution is vital to the health of your compliant patient-caregiver communication methods. MultiLine’s features, along with dedicated corporate lines with recording capability, give healthcare providers and other caregivers compliance peace of mind. They also relieve the huge financial burden of buying corporate-owned devices – the old-school way to have corporate-assigned phone numbers.

For more information about how MultiLine can make your SMS texting/compliance issues all better, schedule a demo!
