HIPAA Compliance

You Aren’t HIPAA-compliant If No One Uses Secure Messaging

September 15, 2015 | Adam Turinas

In a recent post in Healthcare Info Security by Brad Keller of Santa Fe Consulting, Brad makes a great argument about HIPAA compliance.

Says Brad:”People have a false level of comfort that as long as I can check the box and meet my compliance standards, then I’m OK”

He argues that healthcare organizations have to go MUCH further than simply adopting HIPAA compliant solutions,HIPAA compliance has be part of the company’s culture. We couldn’t agree more.

One of the steps that healthcare organizations are taking is to mitigate against the use of unsecured text, where clinicians use their “regular” text app on their Smartphones to send each other PHI including images. Given the near ubiquity of Smartphones among healthcare workers, this is a ticking HIPAA time-bomb.

Many steps are being taken here including implementing BYOD policies, dictating blanket bans on texting and last but not least deploying secure texting solutions like Practice Unite, Tigertext and Cortext. These mobile apps are HIPAA-compliant in several ways including encrypting messages.


If your staff don’t use your HIPAA compliant mHealth app, you have not mitigated the risk

Blinding glimpse of the obvious, right? If no one is using the app, it doesn’t matter how secure the app is, it isn’t helping you become more HIPAA compliant. Anyone evaluating secure texting solutions should put as much focus on how your secure texting provider drives adoption of their solution as the security features included in their app.

We have heard several tales of woe lately, of healthcare systems who have purchased a solution six months ago and are now very disappointed in the level of adoption.

What can you do about this? If you are in the market right now for a secure texting solution, ask the solution providers the following:

  • What level of support do you provide in driving adoption at launch, during the first 90 days and over the first year?
  • How do you plan a rollout?
  • What do you consider to be the biggest adoption drivers of your solution?
  • What is the average adoption of your application across the medical staff and especially among the highest admitters?

In future posts, we will share what we see as best practice in driving adoption of secure texting solutions.

HFMA mhealth guide CTA banner