Three Steps to Secure Text Messaging

Ed Gaudet
Aug 01, 2013

In recent years, a number of secure text messaging applications have come to market to help healthcare organizations strike a balance between the clinical demand for more efficient communication technologies and the IT requirement to comply with HIPAA and information security regulations.

While most of these products claim to be HIPAA-compliant, not all of them necessarily have the authentication, encryption, auditing and other security controls in place to sufficiently safeguard protected health information (PHI). To help organizations properly evaluate secure text messaging solutions to ensure compliance with HIPAA and HITECH requirements, ecfirst has produced a whitepaper titled The CEO’s Guide to HIPAA-Compliant Text Messaging.

In the paper, ecfirst identifies the key steps an organization should take when assessing text messaging options:

Step 1: Policy – Establish an organizational policy

Step 2: Product – Identify an appropriate text messaging solution

Step 3: Practice – Implement and actively managing the text messaging solution

The whitepaper offers detailed, prescriptive language that healthcare organizations can use to develop a robust text messaging policy. It also contains a checklist of key functionality and capabilities that secure text messaging should have in addition to simply encrypting PHI.

In the paper, ecfirst also provides business recommendations when evaluating vendors beyond just product functionality. For example, healthcare organizations should only work with partners that provide HIPAA Business Associate Agreements for their secure text messaging solution and that have the ongoing training and producers in place to properly handle PHI in compliance with HIPAA and other regulations.

ecfirst also recommends that organizations select a secure text messaging solution only if it has been thoroughly audited and certified by a credible third party, which provides HIPAA-covered entities that any potential risks to patient information have been sufficiently mitigated. This is especially important with the deadline to comply with the HIPAA Omnibus Rule looming, and we encourage any healthcare professional considering a secure text messaging solution should download the ecfirst whitepaper.