
HIPAA Exposures Grow with the Use of Standard Messaging Apps in Healthcare Industry


Messaging applications over standard consumer communication platforms are increasingly being used to streamline and facilitate workflow among healthcare providers and organizations. But along with the benefits of these applications comes the risk of data breaches and other HIPAA liability exposures. These exposures include the loss or theft of devices with stored protected health information (PHI), the lack of encryption in the messages, the use of technology in public spaces and network security.

Unfortunately, a recent survey conducted by a mobile messaging services developer reflects a lack of awareness of this issue among healthcare executives and employees. According to the survey, only 8% of respondents indicated that their company prohibits the use of third-party messaging platforms, fewer than 50% indicated that their company has an official platform and, among those that do, a combined 27% adopted GChat or WhatsApp as the platform. Nearly one-third of respondents believed that corresponding through such platforms is completely secure, while another 42% believed that it is generally secure.

Without the proper communication tools and measures to help prevent health data from being compromised, the penalties under HIPAA in the event of a breach quickly add up. Under HIPAA, each instance of unsecured exchange constitutes a separate event subject to a penalty.

Does this mean that healthcare facilities should move away from using messaging applications? According to the standards of the HIPAA Security Rule, it’s compliance that is key, not the implementation or avoidance of specific technologies. For example, an organization may approve texting once a risk analysis is conducted, or implement a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices. Healthcare-designed messaging apps, for instance, differ from other popular messaging services (including SMS and email) in that copies of messages are not retained on routing servers and cannot be intercepted on public Wi-Fi. Encrypted personal health information is encapsulated within a unique communication channel that only authorized users can access once they have verified their ID with a username and password.

Critical for healthcare organizations are the adoption and dissemination of the company’s official position on the use of messaging applications, the training of staff on that position, and advocacy for the use of platforms designed with HIPAA and the secure transmission of protected health information in mind. Also critical in adopting a comprehensive risk management strategy is having a Cyber Liability insurance solution that addresses the specific exposures unique to healthcare organizations.

Axis Insurance Services provides Cyber/Privacy & Network Security coverage for healthcare and medical organizations and is happy to review the various exposures that exist and how a responsive insurance policy can be designed to address these risks. Just give us a call at (877) 787-5258.

 


Blogged on: December 30, 2015 by Mike Smith