Is live chat HIPAA compliant?
17 Nov
Most Americans use text messaging as their primary means of communication with friends, family and more. As they begin messaging with their care providers as well, it’s important for healthcare professionals to consider privacy implications.
The Health Insurance Portability and Accountability Act of 1996 became law long before text messaging emerged as most Americans’ preferred communication channel, so the statute never mentions SMS or chat. That does not put them outside the law: HIPAA’s Privacy and Security Rules are written in technology-neutral terms and apply to protected health information in any medium, so a text or chat message that contains PHI is covered just as a paper record or an e-mail is. Health care professionals have to understand how the legislation’s mandates apply to mobile messages. There’s a good chance you will be text messaging patients soon if you haven’t started yet.
You could face sizable penalties if you’re not ensuring your text message or live chat conversations with prospects and patients are secure. A single instance of unsecured communication can result in a $50,000 fine, Healthcare Business & Technology reported, and penalties for repeated violations can rise to more than $1 million in a single year. It’s in all medical practitioners’ best interests to communicate securely. However, most patients prefer some less-than-secure channels, such as their phone’s native SMS messaging app.
Finding a secure messaging solution
Regarding SMS, The Joint Commission has already made the decision for you: it is not secure, and sending PHI over it is treated as a HIPAA violation. Carrier text messages are not encrypted end to end, the sender and recipient are identified only by a phone number, and the messages sit in plaintext on handsets and carrier systems outside the practice’s control. That doesn’t mean you should abandon patients’ preferred means of communication. There are secure solutions available that provide HIPAA-compliant messaging to ensure private medical discussions.
Some live chat services are built with HIPAA-compliant security measures in place. ApexChat, for example, provides a fully HIPAA-compliant chat service that keeps prospects’ and patients’ private health information secure. Using a solution such as ApexChat is much safer than messaging with your mobile device’s native SMS app.
Some chat services also integrate with users’ preferred mobile messaging apps. The native SMS option isn’t the only one available. Integrating your live chat solution with a HIPAA-compliant mobile messaging app can help you ensure text-based communications are secure.
The four HIPAA compliance factors
TJC didn’t single out mobile messaging as noncompliant with HIPAA. Instead, the organization outlined requirements that a typical native SMS app does not meet. Healthcare Business & Technology refers to these guidelines as Administrative Simplification Provisions; the four items below line up with the safeguards in the HIPAA Security Rule (audit controls, transmission security, physical safeguards, and person or entity authentication). Communications with patients, including your mobile messaging or live chat, should meet these requirements:
Audit controls: Your messaging solution should be capable of creating and recording an audit trail of all interactions containing ePHI, including who viewed, exported or deleted a conversation and when. A chat service that archives conversations and provides transcripts of all chats, not just the ones that result in leads, will likely meet this requirement.
Encryption: The solution should encrypt all messages in transit (TLS between the visitor’s browser, the chat servers and any integrated messaging app) and at rest (the message database, transcripts, backups and logs). Under the Security Rule encryption is an “addressable” specification, which means a covered entity may document an equivalent alternative instead, but for messaging there is no realistic alternative, so treat it as mandatory.
Secure data centers: Data centers containing ePHI should feature a “high level of physical security.” The centers should also have policies for reviewing their controls and should run risk assessments on a regular schedule.
Recipient authentication: Any messages that contain ePHI should go to the intended recipient and the intended recipient only. If those communications end up in someone else’s hands, that represents a HIPAA violation. Solutions should verify the recipient’s identity before displaying ePHI, for example through a login to the chat portal or a one-time code, rather than trusting that a phone number or e-mail address still belongs to the patient.
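To make the audit, encryption-at-rest and recipient-authentication requirements concrete, here is an added example of what a compliant message store has to do internally. It is illustrative Go written for this page, not ApexChat’s or any vendor’s code, and the message IDs, user names and conversation are constructed. It assumes the caller’s identity has already been established by the application’s login layer and that the AES key comes from a key-management system; transport encryption (TLS) and physical data-center controls are outside what code can show.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

type Message struct {
	Sender, Recipient string
	Nonce, Ciphertext []byte // AES-GCM nonce and ciphertext||tag; no plaintext is kept at rest
}

// AuditEntry commits to the previous entry's hash, so editing or deleting any entry breaks the chain.
type AuditEntry struct {
	When                                 time.Time
	Actor, Action, MsgID, PrevHash, Hash string // Action: store, read or denied
}

type Store struct {
	aead  cipher.AEAD
	msgs  map[string]Message
	audit []AuditEntry
	head  string // hash of the latest audit entry
}

// NewStore takes a 16-, 24- or 32-byte AES key; key custody (KMS/HSM, rotation) is out of scope here.
func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Store{aead: aead, msgs: map[string]Message{}}, err
}

func entryHash(e AuditEntry) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(e.When.UTC().Format(time.RFC3339Nano)+"|"+e.Actor+"|"+e.Action+"|"+e.MsgID+"|"+e.PrevHash)))
}

func (s *Store) record(actor, action, msgID string) {
	e := AuditEntry{When: time.Now(), Actor: actor, Action: action, MsgID: msgID, PrevHash: s.head}
	e.Hash = entryHash(e)
	s.head = e.Hash
	s.audit = append(s.audit, e)
}

// Save encrypts at rest; ID, sender and recipient are GCM additional data, so a ciphertext re-labelled for another recipient fails to decrypt.
func (s *Store) Save(id, sender, recipient, plaintext string) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, []byte(plaintext), []byte(id+"|"+sender+"|"+recipient))
	s.msgs[id] = Message{Sender: sender, Recipient: recipient, Nonce: nonce, Ciphertext: ct}
	s.record(sender, "store", id)
	return nil
}

// Read releases plaintext only to the intended recipient or the sender; `caller` is assumed to come from
// the app's authenticated session. Unknown IDs get the same refusal so callers cannot probe for message IDs.
func (s *Store) Read(id, caller string) (string, error) {
	m, ok := s.msgs[id]
	if !ok || (caller != m.Recipient && caller != m.Sender) {
		s.record(caller, "denied", id) // refused attempts are audited too
		return "", fmt.Errorf("no message %q for %s", id, caller)
	}
	pt, err := s.aead.Open(nil, m.Nonce, m.Ciphertext, []byte(id+"|"+m.Sender+"|"+m.Recipient))
	if err != nil {
		return "", err
	}
	s.record(caller, "read", id)
	return string(pt), nil
}

// VerifyAudit recomputes the hash chain; false means an entry was altered or removed.
func (s *Store) VerifyAudit() bool {
	prev := ""
	for _, e := range s.audit {
		if e.PrevHash != prev || entryHash(e) != e.Hash {
			return false
		}
		prev = e.Hash
	}
	return true
}

func main() {
	key := make([]byte, 32) // demo only; production keys come from a KMS/HSM
	_, _ = rand.Read(key)
	s, _ := NewStore(key)
	_ = s.Save("msg-1", "dr.lee", "patient-42", "Your lab results are ready.") // constructed sample, not real PHI
	_, denied := s.Read("msg-1", "patient-7") // another patient: refused and logged
	pt, _ := s.Read("msg-1", "patient-42")
	fmt.Println(denied, "|", pt, "| audit chain intact:", s.VerifyAudit())
}
```

The three checks a reviewer would run against a vendor map onto this directly: every read and every refusal leaves an audit entry and the chain detects later edits; nothing but ciphertext is stored; and the recipient check happens before decryption, with the recipient bound into the ciphertext so a record cannot be quietly re-addressed.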
Maintaining HIPAA compliance in all communications is essential. Even a small slip can result in tens of thousands of dollars in penalties. Check your live chat service or mobile messaging solution against the four requirements above, and make sure the vendor has signed a business associate agreement with you; HIPAA requires one before any third party handles PHI on your behalf.