SMS may not need to be encrypted after all, according to recently published modifications to HIPAA rules. In “SMS and HIPAA: Yes We Can”, Robert Havasy – Project Specialist and Operations Manager at the Center for Connected Health – examines the subtext of the omnibus HIPAA rule, uncovering a new perspective on HIPAA-compliant SMS messaging that challenges a common industry assumption: patients can receive unencrypted data as long as they have been appropriately advised of the risk.
The HIPAA preamble marks “a fundamental and profound shift in the prevailing interpretation of the HIPAA Security Rule,” according to Havasy. “It reminds us that HIPAA exists as much to guarantee patients easy access to their records as it does to prevent the unauthorized disclosure by covered entities.”
“A whole new world of convenience has just opened up for patients.”