 |
 |
iphone text messaging and HIPAA
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Apr 2012
Location: LaLaLand
Status:
Offline
|
|
In the hospital I work at, I have been noticing a lot of doctors and nurses texting patient info like release dates, second opinion requests, etc.
According to HIPAA, if the phone is lost or hacked, and the data is released publicly, then the doctors and hospital are open to all kinds of law suits.
My boss asked me to look for a solution to look for a solution, and so far the only thing I can find for secure texting that is HIPAA complaint is this app called Tigertext which is on a closed network and will delete text messages on all phones after X period of time.
It doesn't seem to cost much and at least would allow doctors to text without a HIPAA problem. Also it is an iPhone and Android app, but most of the doctors seem to have iPhones.
Is this really HIPAA complaint, or am I missing something?
Summary of the HIPAA Security Rule
Is anyone else using this? Any feedback?
I installed it on my phone and tried it, and it seem easy to use and does the job, but I would like to know about any other alternatives, or is Tigertext the only one that does this?
Also, is there such a system for emails as well?
|
|
_
With health comes care.
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Not a direct answer to your question, but iCloud includes a "remote wipe" feature as part of Find My iPhone, and is free.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
There may be a good taste issue using TigerText.
The "Tiger" is Tiger Woods, as in "Tiger Woods got caught when his wife read his text messages to groupies".
I'd also question the security of their server.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
Also, FWIW, iPhones can be password protected and set to wipe themselves after a number of incorrect tries.
Also, FWIW, anyone who knows this exists and doesn't do it is being really, really stupid.
I don't know how realistic it would be to implement requiring this as a policy, but you'd be doing everyone a favor.
(Last edited by subego; Apr 5, 2012 at 05:58 PM.
)
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Apr 2012
Location: LaLaLand
Status:
Offline
|
|
Hey, thanks for all the reply's.
I didn't know about the Fin My Phone or the password protect for iPhones, but seem like a good precaution, but unlike Tigertext it doesn't take care of the other person you send the text to.
I did find this recent article on the BYOD issue and it talks about Tigertext and the feature in which network admin can delete messages from the lost of stolen phones, which I thought was an interesting feature.
Tigertext – the future of HIPAA compliant text messaging for hospitals and doctors, and the solution to doctors BYOD requirements | From the Frog's Mouth
I also like the discussion in this article about looking at a single BYOD solution, or piecing one together by using several solution, which I think is going to be a big challenge for IT departments in the future.
|
|
_
With health comes care.
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jun 2012
Status:
Offline
|
|
Using SMS to text protected health information (PHI) is a clear violation of HIPAA/HITECH. Furthermore, the Joint Commission issued a statement last November concerning texting orders, which now resides in their FAQ. This is a very large problem across healthcare and organizations are rapidly moving to find secure alternatives, so now is a great time to be researching your options. Companies in this space include: qliqSoft, TigerText, DocBookMD, Mobile Storm, Imprivata, docBeat, Doc Halo, DoctorCom, OnPage, Medigram, SquareLoop.
You should expect that all of these companies have credible responses to security and how they support HIPAA/HITECH compliance. Other things you might want to consider in evaluating these solutions: what devices are supported (including smartphone, tablets, as well as computers); is this a physician-only solution, or does it include other users across the organization; can the user expand their network of secure contacts both within the organization as well as outside of it; presumably all message traffic is encrypted end-to-end, but where does the information reside when at rest - inside your organizational control or on a centralized cloud-based server controlled by the vendor?
Good Luck!
(Last edited by Thorzdad; Jun 2, 2012 at 07:25 PM.
(Reason: mark-up issues))
|
|
|
| |
|
|
|
|
|
|
|
Administrator  Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Let's step back to what can be texted. Generally, a patient name (last name, first initial) and gender are not protected as long as nothing else is connected with that information. Texting "Mr. Jones has orders pending" is probably OK, but adding "for CBC and BMP stat" would be over the line. Texting "Ms. Martin needs to be seen" is probably a lot safer than "Ms. Martin needs a nursing assessment". Some doctors can handle this level of alerting staff about issues. However, this level doesn't cover what it seems these docs are wanting to do, and therein lies the issue.
If physicians are simply expecting that text messages are as secure as telephone communications are expected to be, and that they are as verifiably from them, there is a problem of education rather than a problem with technology. Of course I am also aware that far too many practitioners just do not think when they talk about patients, and do so in inappropriate places, but keeping them from saying "I thought this was just as good as a phone call" is a good first step.
If, on the other hand, they are instead just trying to save themselves some time, there is a much bigger problem to deal with - physician compliance with HIPAA in general. For some such physicians, I wish you all very good luck with that. Fortunately, there is one big stick to use against their disregard: revoking privileges. If the hospital doesn't take steps to prevent these violations, the hospital can be held responsible as well, and face similar penalties. That usually gets the suits to act against doctors who don't follow the rules...
|
Glenn -----OTR/L, MOT, Tx
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Oct 2012
Status:
Offline
|
|
Making phone calls is too intrusive and email communication is too slow and most likely not catch physician attention. SMS/Texting has been proven more effective form of communication in this setting and evidence shows that lot of texting happens between medical professionals. In order to text, most likely both sender and receiver need a mobile phone unless they are using some kind of texting application. Most likely that staff are using their personal mobile to text since most practices do not provide such service to staff. Staff are reluctant to use their mobile phones for various reasons. Some do not have adequate texting plan and other fear of HIPAA violation, particularly when they are sending patient related information. Since these messages stay on the personal mobile, the family and friends have the ability to access the information. Moreover when mobile phone is lost or stolen or upgraded all the communication is accessible to the person acquired the mobile.
http://www.qliqsoft.com/blog/posts/everyone-needs-a-better-communication-tool-in-healthcare
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
