Solved

HIPAA compliant text messages

Posted on 2010-08-30
Last Modified: 2012-05-10
I'd like to know if anyone has used HIPAA compliant software to send text messages from email/Outlook to cell phones of clinicians -- may contain patient information, so it would have to be HIPAA compliant.
Question by:maharlika
2 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 33560814
If it contains PHI, I don't see how SMS to cell phones can ever be HIPAA compliant.  The messages aren't encrypted.  You don't have an audit trail.  No verification that the data was received, opened, or by whom, and how many times.  No clinician would voluntarily give you cell phone logs (bills) to help with any of this auditing.

You still have the problem of verifying sender and recipient.  The recipient is just a cell phone number on a common wireless carrier.  It can be intercepted as plaintext at many points along the way.

I've seen "secure SMS" marketed, but it uses SMS channel for text transmission, then client software on the phone for decrypting.  Seems like a bit of a kludge considering the size limit of SMS.  Encryption would typically increase the size of the transmission for the same size message.

At the point of running software on a cell phone, the next logical step would be to use encrypted email accounts on a smart phone.  Then, there is still one primary mode of communications...secure mail that is collected at the handset, home desk, or roaming location via secure channel...but still one Inbox.
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 500 total points
ID: 33571661
There are a number of suppliers offering a "secure SMS" solution.  Effectively they use a central SMS server which holds the "public" AES encryption codes for the recipient's device. The portable client sends an (unencrypted) receipt when the file is opened and decrypted with the device's "private" key so there is a paper trail.  The SMS header is used to identify that the rest of the message needs decryption so there isn't much wasted text.  Additional security relies on the device having strong password protection to access the device itself in the event it is lost/stolen.  Something HIPAA doesn't really get to grips with.
I tried a demonstration version of "secure SMS" (mentioning no brands) which worked well but then I changed the device's own password to a single character.  Once unlocked the utility usefully decrypted the Inbox messages for all the Secure Texts in the mailbox.  A fault of the local security policy not the product.
On the demo model message forwarding was blocked but copying to clipboard was possible.  Reply (limited to the sender) was reencrypted.
Encrypted email would be more useful.
We're still not using it with PID but partly this is due to a lack of legal experts with a good grounding in IT :)
0
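Both answers touch on what encryption costs inside the SMS size limit. The following is an added example, not part of either post or of any vendor's product, that works out that budget. It assumes AES-GCM with a 12-byte nonce and 16-byte tag, and a hypothetical 1-byte marker standing in for the "needs decryption" header flag.

```python
import math

SMS_OCTETS = 140                     # user data in one SMS with 8-bit coding
UDH_CONCAT = 6                       # header octets per segment once a message is split
GSM7_SINGLE, GSM7_CONCAT = 160, 153  # characters per segment, GSM 7-bit alphabet

# Assumed envelope, hypothetical and not any vendor's format:
MARKER = 1   # one-octet flag: "the rest of this message needs decryption"
NONCE = 12   # 96-bit AES-GCM nonce carried with every message
TAG = 16     # 128-bit AES-GCM authentication tag
OVERHEAD = MARKER + NONCE + TAG

def envelope_len(plaintext_len):
    """Octets sent for one message; GCM ciphertext is as long as its plaintext."""
    return OVERHEAD + plaintext_len

def segments_binary(n_octets):
    """SMS segments needed to carry n_octets as 8-bit data."""
    if n_octets <= SMS_OCTETS:
        return 1
    return math.ceil(n_octets / (SMS_OCTETS - UDH_CONCAT))

def segments_text(n_chars):
    """SMS segments for n_chars drawn from the basic GSM 7-bit character set."""
    if n_chars <= GSM7_SINGLE:
        return 1
    return math.ceil(n_chars / GSM7_CONCAT)

def base64_len(n_octets):
    """Length of the padded Base64 text form of n_octets."""
    return 4 * math.ceil(n_octets / 3)

def compare(message):
    """Segment counts for one message sent in clear, as binary, and as Base64 text."""
    env = envelope_len(len(message.encode("utf-8")))
    return {"plain_text": segments_text(len(message)),
            "encrypted_binary": segments_binary(env),
            "encrypted_base64": segments_text(base64_len(env))}

def max_single_sms_plaintext():
    """Largest plaintext (octets) that still fits one SMS: (binary, Base64 text)."""
    return (SMS_OCTETS - OVERHEAD, (GSM7_SINGLE // 4) * 3 - OVERHEAD)

if __name__ == "__main__":
    sample = "Bed 12 K 6.1, repeat in 2h, hold lisinopril, call renal if still high"  # constructed
    print(compare(sample), max_single_sms_plaintext())
```

Under these assumptions a single SMS carries at most 111 octets of plaintext as binary data or 91 as Base64 text, against 160 characters in clear.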
