Unsecure channels of communication generally include SMS, email, and Skype because copies of messages are left on service providers´ servers over which a company has no control.
FREMONT, CA: With more medical professionals utilizing personal devices to communicate and collude on patient concerns, healthcare institutions must discuss the use of technology and HIPAA compliance.
Most forms of frequently-used communication are not HIPAA compliant. Unsecure channels of communication generally include SMS, email, and Skype because copies of messages are left on service providers´ servers over which a company has no control.
The security rule places a series of terms for technology to comply with HIPAA comprising:
• In transit or at rest, all Protected Health Information (PHI) must be encrypted.
• Each medical professional allowed to access and communicate PHI ought to have a unique user identifier so that the application of PHI can be examined.
• The employment of any technology to comply with HIPAA must have an automatic log off to prevent unauthorized admission to PHI when a device is left unattended.
There are plenty of other specifications for the use of technology and HIPAA compliance, some of which are as follows:
Issues with Encryption
The cause why encryption is so vital is that if a data breach of PHI occurs, any information that is acquired will be undecipherable, unreadable, and unusable. Even though tools exist to encrypt messages sent by message applications, SMS, and email, each user within a healthcare company must use the same operating system. They need to have the same encryption or decryption software in place for the mechanisms to be efficient.
