Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

Oct 24 2013   1:14PM GMT

Secure text messaging part of HIPAA compliance for call centers

Posted by: adelvecchio
call centers, HIPAA compliance, secure messaging, secure text messaging

th_1382638398_jon2Guest post by Jon Jansen, CTO, Doc Halo

It’s five o’clock and the office has turned the phones over to the call center for the night. What happens next could cost you. Your call center will be sending messages to physicians for the rest of the night. Office administrators often don’t give it a second thought but most messages sent today are inefficient or not HIPAA compliant.

Call centers have been sending messages to physicians’ pagers for years. Smartphones have now become the primary communication tool for most people, a trend that physicians have followed. As physicians get rid of their pagers, they will inevitably ask the call center to text them their messages. This scenario is a compliance officer’s nightmare.

Many compliance headaches can be avoided if the call center uses secure text messaging, something most call centers don’t know how to do. HIPAA-secure text messaging is not only about encryption, it also involves controlling the life cycle of the message.

I’ll go over encryption first. There are protocols that can handle encryption and sending secure texts. Wireless Communication Transfer Protocol can be securely transmitted over Hypertext Transfer Protocol over Secure Socket Layer. This protocol is still not widely supported in the software that call centers use.  Many call centers are stuck using the Telelocator Alphanumeric Protocol, which is dial-up and mostly used by the pager industry.

Controlling secure texts is critical to being HIPAA compliant, which requires that messages are tracked and able to be wiped at any time. Transmitting a secure text over public servers is not acceptable as it cannot be recalled from all servers. Controlling access to that message is vital as well. Some companies have turned to sending special links to view encrypted messages. The problem with this is that the link is usually sent in plain text, unencrypted and over public means. This is not HIPAA compliant either. The initial message can be intercepted as easily as any other message and the perpetrator then has access to the encrypted message.

What you want to ask your call center is, “Are you working with a reputable company that can send secure text messages and is HIPAA compliant?” Only secure texting companies that are built around healthcare have the expertise to navigate the intricacies of this complex problem. It’s time to ask your call center this important question before it’s too late and you’re staring down a fine from the Department of Health and Human Services.

Jon Jansen is CTO and partner in Doc Halo, a company that specializes in secure text messaging. He has an extensive knowledge of programming secure interfaces between hospitals, EMRs and physicians’ data. He has experience navigating through the entire life cycle of HIPAA and secure texting. Jon’s role at Doc Halo is to coordinate all of the behind-the-scenes programming and database creation and optimization, using his more than two decades of experience in this area.


Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: