HIPAA and your electronic communications

Checking your weather app on your phone for today’s forecast before you leave the house.
Tweeting your response to a news article.
Reading your e-mail on the light rail during your commute.
Paying for your coffee with your electronic wallet.
Liking your friend’s Instagram post.

Likely one or all of these activities describes part of your day. Electronic devices are ingrained in our daily habits and communication on them is second nature to most of us. We may rarely stop to think about the consequences of using them when corresponding with patients or using patients’ protected health information (PHI). However, if you are a healthcare provider, there are things that you must be aware of when using your device via text, e-mail, or social media.

Type of Network: Know what type of wireless or cellular network you are on when texting or e-mailing. PHI is vulnerable to being intercepted via unsecured networks such as the public WiFi at a local coffee shop or hotel. It is important to think about HIPAA security and privacy concerns whenever communicating with patients or other providers.

Size of Device: One area of risk when texting and e-mailing using a handheld device such as an iPhone, tablet or Android device is their size. They are generally small and can be easily stolen, thereby allowing PHI to be accessible to the thief. The device passcodes and biometric identifiers (such as touch ID on iPhones) may help to deter access but do not provide secure protection of the information contained in the memory of the device.

Internet: The internet can be a great way to advertise and/or educate your patients; however, it is vitally important to be sure the person managing this area of your practice understands the professional obligations pertaining to HIPAA. Think carefully before posting on the internet. Do not assume an online forum is private or secure. Be aware that information posted on the internet may remain there permanently, even if you delete your comment or post.

How can you ensure a secure electronic communication? There are methods available to assist with data security when transmitting PHI electronically such as encryption or subscription to a secure messaging service. For more information on securing your digital information, HealthIT.gov is an excellent resource that offers training materials and guidance on this topic.