HIPAA covered entities must implement the appropriate safeguards when transmitting ePHI. What does this mean for texts, secure file sharing, and HIPAA compliance?

For all HIPAA covered entities, secure file sharing and HIPAA compliance must go hand in hand.

Under the Health Insurance Portability and Accountability Act, it is the duty of all healthcare businesses to safeguard electronic protected health information (ePHI) at all times – meaning appropriate solutions must be in place for HIPAA compliant file sharing.

This includes the sending and receiving of text messages – something that an increasing number of healthcare professionals are doing when communicating with patients.

To comply with HIPAA, a covered entity must ensure the appropriate physical, administrative and technical safeguards are in place to send and receive text messages securely.

So, what does this mean for texts, file sharing and HIPAA compliance?

Secure File Sharing and HIPAA Compliance – Why It Matters

In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law.

Essentially, HITECH clarifies and strengthens certain aspects of the HIPAA Privacy and Security Rules through increased enforcement and higher penalties for non-compliance.

As some commentators have put it, HITECH puts the “force” into HIPAA enforcement.

In addition, according to HITECH, HIPAA compliance standards apply to any service provider that can access PHI. This includes providers of cloud-based storage, file sharing and text messaging services.

Fines for non-compliance can be positively ruinous for a healthcare organization – particularly small practices – and violations can even result in jail time for the individuals responsible.

Financial penalties range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per calendar year.

Total HIPAA penalties collected by the OCR in 2020 amounted to $13.5 million – putting the average fine for non-compliance last year at roughly $700,000. So far in 2021, the OCR has already collected $5.4 million in penalties for HIPAA violations.

(Image source: compliancy-group.com)

HIPAA Compliant Text Messaging and Secure File Sharing

Protecting sensitive patient information and health data is a crucial requirement when it comes to texts, file sharing and HIPAA compliance.

Unfortunately, however, consumer-grade text messaging apps – Facebook Messenger, WhatsApp, etc. – lack the access controls, audit controls and encryption necessary for compliance with HIPAA.

In addition, many popular file sharing services such as WeTransfer and Apple’s iCloud are also not HIPAA compliant.

There is, however, a solution.

Specialist HIPAA compliant text messaging, cloud storage and file sharing services are available, allowing healthcare professionals to enjoy the speed and convenience of sharing PHI via text and other electronic means while avoiding HIPAA violations.

When seeking a solution, HIPAA covered entities need to look for three things:

• Will the provider sign a Business Associate Agreement (BAA)? – Since text messaging, file sharing and cloud storage providers handle and have access to the ePHI a covered entity entrusts them with, these providers are classified as HIPAA business associates. Business associates must comply with HIPAA and HITECH – and sign a BAA with the covered entity outlining the respective roles and responsibilities of both parties regarding the safeguarding of ePHI.
• Does the solution provide the ability to perform audits? – Administrators must be able to audit users, especially when using mobile devices. Audit controls are necessary to record when ePHI is created, modified, accessed, shared or deleted. Look for a solution that provides a wealth of administrative controls, including access controls, reports and audit trails.
• Does the solution encrypt files both at rest and in transit? – Encryption is the only feasible way to prevent data being accessed by unauthorized individuals. Without encryption, the contents of any file or text message that is hacked, intercepted in transit, or simply resting on an unprotected device can be used by criminals to commit identity theft or other types of fraud.

Wisper MSG + Unison BDR = Compliant Backup, Recovery, and Messaging from Central Data Storage

HIPAA compliance is not an option when storing files, sharing files or sending text messages that contain ePHI.

At Central Data Storage, encrypted file sharing and HIPAA compliant data storage is what we do. We handle over 650,000,000,000 files a month, serving HIPAA covered entities in nearly every state across the US.

Our encrypted sharing mobile and desktop apps through WisperMSG are trusted by hundreds of healthcare professionals around the country.

Not only are they highly secure with beyond-military-grade encryption, they are also easy to use – no different, in fact, than regular, commercial instant messaging apps from a usability standpoint.

In the background, however, they run on an encrypted network, making them fully HIPAA compliant and come complete with a full range of access and audit controls.

We sign BAAs with all our clients and are approved by third-party auditors as 100% compliant with HIPAA, HITECH, as well as GDPR and State Laws.

More than just a software provider, we aim at Central Data Storage to work with our clients as true partners – providing round-the-clock advice, support and best practice guidance on developing, implementing and updating HIPAA policies.

At Central Data Storage, we make sure you have solutions in place so that file sharing and HIPAA compliance go hand in hand. Start with WisperMSG or UnisonBDR today. Call 1-888-907-1227 or email info@centraldatastorage.com for more information.