No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Beware of HIPAA-Related Text Messaging Risks

by Corporate Compliance Insights
November 13, 2015
in GRC Vendor News
Beware of HIPAA-Related Text Messaging Risks

Recent blog post by LeClair Ryan Attorney Melissa (Lisa) Thompson offers tips to health care providers to safeguard patient confidentiality

Boston (11/13/15) — The ease, speed and efficiency of mobile device-based text messaging has made it a primary communications tool among doctors and other health care providers, covered entities and business associates. But this convenience can also lead to security risks, cautions Melissa (Lisa) Thompson, a shareholder in national law firm LeClairRyan’s Boston office.

“Unless preventive measures are employed, anyone with access to the mobile device will have access to the text message,” writes Thompson in a recent blog post at Information Counts, which focuses on the legal issues that arise from considerations of privacy, data security, information technology, outsourcing, e-commerce, the Internet and social media, cloud computing, big data and information management. “The text can be accessed when the device is lost, stolen or even when it is returned or recycled. Additionally, the protections implemented by information technology and other departments of covered entities and business associates, such as firewalls, may not cover texts, which can be intercepted and decrypted.”

Issues like these fall squarely under federal HIPAA (Health Insurance Portability and Accountability Act of 1996), which not only protects patient information from being accessed, but requires certain patient health information (PHI), to be accessible to patients and their authorized representatives.

“When text messages are used in patient care decision making, there is a potential risk of noncompliance if the provider is not able to accommodate the individual who requests access to their record,” adds Thompson, a member of the firm’s Healthcare and BioPharma & Life Sciences industry teams. “There is no single, easy answer when it comes to addressing texting concerns, but at a minimum, to satisfy the HIPAA-required risk analysis and management, a covered entity or business associate should include an analysis of mobile phones and other devices on which PHI and texts are created, received, maintained or transmitted.”

Health care entities can consider, among other options, adopting policies that require the deletion of all texts within a period of time, and using technology that can wipe information or remotely disable mobile phones if they’re lost or stolen, she advises. Other approaches include encryption and password protection, and implementing policies or guidelines limiting the type of information that texts contain: for example, not using patient names or other identifiers.

Thompson notes that organizations can also consider switching to secure messaging applications; requiring that texted PHI be added to the medical record, while providing a mechanism for doing so; and training workforce members about required texting policies and procedures. They should also impose sanctions for workforce members that violate the policies.

“Organizations may identify different levels of risk and institute different types and levels of controls,” writes Thompson. “Implementing controls related to texting can be difficult for an organization. The important thing is to take affirmative steps right now to analyze the risk and manage texting, rather than considering the risks and implementing appropriate controls only after a problem develops.”

She notes that the U.S. Department of Health and Human Services offers suggestions regarding mobile devices on its HealthIT.gov website.

To read Thompson’s full blog post, visit: http://informationcounts.com/hipaa-and-text-messaging/

About LeClairRyan

As a trusted advisor, LeClairRyan provides business counsel and client representation in corporate law and litigation.  In this role, the firm applies its knowledge, insight and skill to help clients achieve their business objectives while managing and minimizing their legal risks, difficulties and expenses. With offices in California, Colorado, Connecticut, Delaware, Georgia, Maryland, Massachusetts, Michigan, Nevada, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington, D.C., the firm has approximately 380 attorneys representing a wide variety of clients throughout the nation.  For more information about LeClairRyan, visit www.leclairryan.com.


Previous Post

How to Draft an FLSA-Compliant Settlement Agreement, Part 2

Next Post

The Key to Meeting CMS Regulations

Corporate Compliance Insights

Corporate Compliance Insights

Corporate Compliance Insights

Related Posts

supply chain

Only 1 in 4 Manufacturers Have High Confidence in ESG Readiness of Their Supply Chains, Survey Finds

by Staff and Wire Reports
January 27, 2023

Ever-evolving regulatory requirements, consumer demand and investor expectations are all forcing manufacturers to increase the transparency of their supply chain,...

cco pressure

Survey: CCO Pressure High, Resources Low

by Staff and Wire Reports
January 27, 2023

Too few organizations are embracing compliance culture, according to a survey by FTI Consulting and Ethico, which found that while...

growth what next

Growing Pains: Mid-Sized Auditing Firms Are Seeing an Influx of New Clients, But at What Cost?

by Jey Purushotham
January 25, 2023

The era of exponential growth among mid-tier accounting firms is upon us, driven largely by the trend of top-tier firms...

board tech purchase

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

by Jean Hill
January 25, 2023

Board directors don’t need to be able to fix a broken server, but they do need basic technology competence, which...

Next Post
The Key to Meeting CMS Regulations

The Key to Meeting CMS Regulations

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT