In addition to the scope of the two Acts being extended, guidelines for HIPAA text messaging software were introduced. These guidelines affect how PHI is stored, accessed and transmitted, and require that HIPAA software for secure messaging have specific features in place. These features include:
- Healthcare organizations must introduce HIPAA texting software that is administered from a central point and that protects PHI from unauthorized access.
- Risk assessments should be conducted regularly to ensure that the HIPAA software for secure messaging is being used correctly, so that text messaging is HIPAA compliant.
- All PHI stored within the HIPAA text message software should be encrypted in order to make it “indecipherable, unreadable or unusable” in the event of unauthorized access.
- The HIPAA texting software should not enable healthcare professionals or sub-contractors to maintain PHI in the memory of their personal mobile devices.
- Procedures should also be put in place so that, in the event of a mobile device being lost or stolen, the device can be immediately removed from the system and any PHI-related text messages deleted remotely.