[ Wednesday, October 29, 2014 ]


It May Be a Dirty Little Secret, But It's Not Necessarily a HIPAA Violation: Venture Beat has figured out that a lot of healthcare providers text using unencrypted devices operating over regular cellular networks.  Yes, they do.  And yes, many of us strongly urge against them doing so.  But it's not necessarily a HIPAA violation to do so.  As I would've commented on the post itself if it didn't mean letting Venture Beat "manage my Google contacts":

To say "This is a clear violation of HIPAA" is fatuous and false. It's not very secure and not very smart; it could be a violation of an entity's policies and procedures; it could in some instances be a violation if it is absolutely and legally unreasonable to use such a communications device in such a fashion. But HIPAA is scalable and technologically neutral; encryption IS NOT A REQUIRED ELEMENT under HIPAA.

HIPAA covered entities should conduct risk analyses and do their best to secure their data as much as possible, including eliminating unsecure texting wherever possible. But just because it's a bad idea doesn't mean it's against the law (or, in this case, against the regulations).

Jeff [3:35 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template