Sunday, January 17, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

Beware of HIPAA-Related Text Messaging Risks

by Corporate Compliance Insights
November 13, 2015
in GRC Vendor News
Beware of HIPAA-Related Text Messaging Risks

Recent blog post by LeClair Ryan Attorney Melissa (Lisa) Thompson offers tips to health care providers to safeguard patient confidentiality

Boston (11/13/15) — The ease, speed and efficiency of mobile device-based text messaging has made it a primary communications tool among doctors and other health care providers, covered entities and business associates. But this convenience can also lead to security risks, cautions Melissa (Lisa) Thompson, a shareholder in national law firm LeClairRyan’s Boston office.

“Unless preventive measures are employed, anyone with access to the mobile device will have access to the text message,” writes Thompson in a recent blog post at Information Counts, which focuses on the legal issues that arise from considerations of privacy, data security, information technology, outsourcing, e-commerce, the Internet and social media, cloud computing, big data and information management. “The text can be accessed when the device is lost, stolen or even when it is returned or recycled. Additionally, the protections implemented by information technology and other departments of covered entities and business associates, such as firewalls, may not cover texts, which can be intercepted and decrypted.”

Issues like these fall squarely under federal HIPAA (Health Insurance Portability and Accountability Act of 1996), which not only protects patient information from being accessed, but requires certain patient health information (PHI), to be accessible to patients and their authorized representatives.

“When text messages are used in patient care decision making, there is a potential risk of noncompliance if the provider is not able to accommodate the individual who requests access to their record,” adds Thompson, a member of the firm’s Healthcare and BioPharma & Life Sciences industry teams. “There is no single, easy answer when it comes to addressing texting concerns, but at a minimum, to satisfy the HIPAA-required risk analysis and management, a covered entity or business associate should include an analysis of mobile phones and other devices on which PHI and texts are created, received, maintained or transmitted.”

Health care entities can consider, among other options, adopting policies that require the deletion of all texts within a period of time, and using technology that can wipe information or remotely disable mobile phones if they’re lost or stolen, she advises. Other approaches include encryption and password protection, and implementing policies or guidelines limiting the type of information that texts contain: for example, not using patient names or other identifiers.

Thompson notes that organizations can also consider switching to secure messaging applications; requiring that texted PHI be added to the medical record, while providing a mechanism for doing so; and training workforce members about required texting policies and procedures. They should also impose sanctions for workforce members that violate the policies.

“Organizations may identify different levels of risk and institute different types and levels of controls,” writes Thompson. “Implementing controls related to texting can be difficult for an organization. The important thing is to take affirmative steps right now to analyze the risk and manage texting, rather than considering the risks and implementing appropriate controls only after a problem develops.”

She notes that the U.S. Department of Health and Human Services offers suggestions regarding mobile devices on its HealthIT.gov website.

To read Thompson’s full blog post, visit: http://informationcounts.com/hipaa-and-text-messaging/

About LeClairRyan

As a trusted advisor, LeClairRyan provides business counsel and client representation in corporate law and litigation.  In this role, the firm applies its knowledge, insight and skill to help clients achieve their business objectives while managing and minimizing their legal risks, difficulties and expenses. With offices in California, Colorado, Connecticut, Delaware, Georgia, Maryland, Massachusetts, Michigan, Nevada, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington, D.C., the firm has approximately 380 attorneys representing a wide variety of clients throughout the nation.  For more information about LeClairRyan, visit www.leclairryan.com.


Previous Post

How to Draft an FLSA-Compliant Settlement Agreement, Part 2

Next Post

The Key to Meeting CMS Regulations

Corporate Compliance Insights

Related Posts

yellow job search box speech bubble

Fortune 500 Job Descriptions Are Still Biased Toward Men

January 12, 2021
cash

Banks Worldwide Amass $15B in Fines in 2020, U.S. Banks Account for 73%

January 11, 2021
cyber attack malware encrypted files and lock on cloud

Telos Announces Latest Version of its Next-Generation Cyber Risk Management Platform

January 7, 2021
Hologram of whatsapp logo over smartphone

Shield and TeleMessage to Deliver Direct Capture of Mobile and WhatsApp Communications

January 5, 2021
Next Post
The Key to Meeting CMS Regulations

The Key to Meeting CMS Regulations

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management culture of ethics cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights