Instant Messaging PHI - Where HIPAA Applies

Written by benefitexpress | September 6, 2016

Many offices now use some kind of intra-office electronic messaging, whether it’s Slack, Skype, or a company-specific program. While a great productivity tool, digitizing Protected Health Information (PHI) adds a whole new challenge regarding data security. 

Instant Messaging

Slack and Skype both encrypt their instant messages using best practices, which means it’s permissible to transmit PHI under HIPAA. There are; however, some additional concerns - like when instant messages flash across a coworker’s screen.

It’s important to be sure the coworker is expecting your message and to confirm their screen is private. In order to do this, they should confirm their screen is secure using all HIPAA guidelines before you continue your conversation.

In addition, instant messages should only be sent to one recipient at a time to avoid accidental disclosures. In order to be in compliance with HIPAA, all computer screens must be positioned so that only the authorized user can see the screen. If that is not possible or practicable, the screen may be filtered with a screen or hood. The screen should be configured to go blank or display a screen saver after a short period of time when left unattended, and to require a password after a longer time.

Video Calls

Skype, Apple FaceTime, and Google Hangouts all encrypt their video calls. This means that they are all acceptable to use to communicate PHI under HIPAA. Similar to Instant Messaging, all other HIPAA protocols must be in place to keep your screen secure. In addition, you must take precautions to ensure your conversation is not overheard. Conversations involving PHI should take place in an office or meeting room whenever possible to avoid others overhearing whenever possible.

Internet to Phone Calls

While video calls through Skype are encrypted, Skype calls to a phone line are not. You may not disclose PHI when using an internet service like Skype or another VOIP provider to call a telephone.

As tech becomes more intertwined with the way we do business, it’s important to ensure we continue to protect our information while using those new technologies.

Topics: HIPAA, Benefits Technology