How Does the Final Omnibus Rule Change Hospital Text Messaging Policies
On March 26, 2013, the U.S. Department of Health and Human Services announced the Final Omnibus Rule of the Health Insurance Portability and Accountability Act (HIPPA), a new rule that impacts hospital text messaging policies.
Hospital Text Messaging Policies and the Final Omnibus Rule
The Final Omnibus Rule is a set of final regulations that modifies HIPAA privacy, security and enforcement rules. It's particularly important for hospitals and healthcare providers that are preparing to implement SMS and text messaging solutions to communicate patient health information (PHI) and streamline internal communications.
The newly implemented regulations include:
- Strengthening the limitations on the use and disclosure of PHI, including the disclosure of PHI for marketing and fundraising purposes. It also prohibits the sale of PHI without the individual consent of the patient.
- The rule improves patients' rights to receive electronic copies of their health records upon request.
- Adoption of additional Health Information Technology for Economic and Clinical Health (HITECH) Act enhancements, particularly as they pertain to privacy breaches of health information. The HITECH Act, signed into law in 2009, specifically addresses privacy and security concerns associated with the electronic communication of personal health information.
The Final Omnibus Rule also requires hospitals that gather patient health information to bolster their security measures when it comes to sharing and discussing health information--both for internal purposes and with patients themselves.
As hospitals shift toward using mobile devices to streamline communications and improve efficiency, hospital text messaging policies described in HIPAA and the Final Omnibus Rule must be followed to avoid penalties and fines.
Hospital Text Messaging Policies: What You Should Know
In order to avoid non-compliance, hospitals must create an environment that allows text messages to be transmitted securely between mobile devices, whether they are corporate-owned or BYOD.
In addition, hospitals should consider the following:
- System administrators must be able to delete sensitive data remotely in the event that an employee's mobile device is lost or stolen. They should also have the ability to remove inactive or expired accounts from the system.
- Hospital text messaging policies should give hospitals total control when it comes to granting account access to electronic personal health information (ePHI).
- Patient data should be encrypted when sent as a message, file or attachment. This enables employees to use their own mobile devices without jeopardizing the security of protected information.
- Risk-assessment and performance tracking should be conducted on a consistent basis to expose potential system breaches and vulnerabilities.
- Your texting solution should mitigate the chance that employees and other personnel can store sensitive data on their mobile devices' local storage.
More Robust Hospital Text Messaging Policies with NetSfere
NetSfere offers a robust HIPAA-compliant text messaging platform that allows hospitals to optimize internal communications. The NetSfere messaging service enables your healthcare organization to streamlines communication and share patient information in compliance with HIPAA's Final Omnibus Rule.