Accreditation

Q&A: A little more on texting PHI

Briefings on Accreditation and Quality, May 1, 2018

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on Accreditation and Quality.

  Earlier this year there was some confusion over CMS’ texting policies. The agency later confirmed that providers are allowed to text patient health information (PHI) using a secure messaging app. However, texting medical orders is still forbidden.

Chris Apgar, CISSP, is president and CEO of Apgar & Associates and former HIPAA compliance officer for Providence Health Plans. He spoke with BOAQ about texting policies and compliance. The following Q&A has been lightly edited for clarity. 

Q: What are the minimum requirements for a secure healthcare texting platform? 

Apgar: The minimum requirements would be in accordance with the National Institute for Standards and Technology. And that would be a level of encryption of 128 bits, so really what you’re looking for in a secure texting platform is something that at a minimum has a 128-bit encryption

If you look at it encrypted at that level, it becomes a safe harbor, so even if someone intercepts the text message it’s not a breach of PHI.

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on Accreditation and Quality.

Most Popular