Simplifying HIPAA and SMS:
A Practical Approach to the Secure Use of Text Messaging in Clinical Research
Table of Contents
Abstract
Introduction
Definitions
HIPAA Defined
HIPAA Redefined
PHI and SMS: Evaluating Security Needs
Solutions
Guidance
Conclusion
References
Disclaimer
Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS
  Risk vs. Reward: Why Gray Should Be Your New Best Friend
  The Consent Agreement: Protection for All Parties
  Good Questions Get Good Answers
  Advice for Participants
  The Last Word
  Questions?
Abstract
As the use of personal mobile devices became ubiquitous, the manner in which healthcare studies and clinical
trials are performed expanded into the world of modern technology. With this evolution came the need to establish
methods to protect the data, and to protect the rights of individuals providing personal health information. This
paper focuses on the rapidly growing need to understand and practice the security issues associated with using
Short Message Service (SMS) texts for transmitting Protected Health Information (PHI) in order to ensure the best
possible compliance with The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Introduction
In response to recent requests and questions, we researched ways to provide education for HIPAA compliance
and to improve the ways that mobile text messaging services can be customized to provide clients with the best
methods for ensuring secure PHI data. This paper provides background information and definitions for a basic
understanding of HIPAA and PHI, how these regulations are translated into the real world, detailed information about
our contributions to compliance and security, and guidance for clients' use.
Definitions
Term: Definition

HIPAA: Health Insurance Portability and Accountability Act - enacted in 1996 by the United States
Congress to ensure health insurance coverage for workers and to establish standards
regarding electronic healthcare data.
• The HIPAA Privacy Rule protects the privacy of individually identifiable health information
(See PHI.).
• The HIPAA Security Rule sets national standards for the security of electronic protected
health information.
• The HIPAA Breach Notification Rule requires covered entities and business associates to
provide notification following a breach of unsecured protected health information.
• The HIPAA Patient Safety Rule protects identifiable information being used to analyze
patient safety events and improve patient safety.
For more information, see http://www.hhs.gov/ocr/privacy/

PHI: Protected Health Information - Individually identifiable health information, including
demographic data, that relates to:
• The individual’s past, present, or future physical or mental health or condition,
• The provision of health care to the individual, or
• The past, present, or future payment for the provision of health care to the individual, and
• Identifies the individual or for which there is a reasonable basis to believe it can be used
to identify the individual.
For more information, see
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

SMS: Short Message Service - a text messaging service component of phone, Web, or mobile
communication systems that uses standardized communications protocols to allow fixed line
or mobile phone devices to exchange short text messages.

Study Administrator: A company, group, or entity that defines and manages a study, experiment, or data-gathering
endeavor directly or indirectly related to the healthcare industries. In this white paper, the
Study Administrator is typically the client.

Study Participant: An individual who voluntarily participates as a data provider for a study, experiment, or data
gathering endeavor of the Study Administrator. Also known as a patient or end user.
HIPAA Defined
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted in part to protect the
security and privacy of protected health information (PHI). Covered entities (e.g., health care providers engaged
in certain electronic transactions, health plans, and health care clearinghouses) that create, maintain, transmit,
use, and disclose an individual’s PHI are required to meet HIPAA requirements.
HIPAA’s Privacy Rule restricts uses and disclosures of PHI, creates individual rights with respect to their PHI, and
mandates administrative requirements. Among other requirements, the privacy rule requires a covered entity to
reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the
requirements of HIPAA.
HIPAA’s Security Rule requires covered entities to ensure the confidentiality, integrity, and availability of its
electronic PHI, to protect against reasonably anticipated threats or hazards to the security or integrity of its
electronic PHI, to protect against reasonably anticipated impermissible uses and disclosure of its electronic PHI,
and to ensure compliance by their workforce. Additionally, the Security Rule requires covered entities to put in
place detailed administrative, physical, and technical safeguards to protect electronic PHI. To do this, covered
entities are required to implement access controls and set up backup and audit controls for electronic PHI in a
manner commensurate with the associated risk.
Additional HIPAA requirements include the need for a covered entity to provide notification following a breach of
unsecured protected health information.
HIPAA Redefined
A common misconception about HIPAA requirements is that they define the specifics of what can and cannot be
done. In reality, the intent of HIPAA is not to dictate individual do's and don'ts, but rather to provide guidance
toward achieving a reasonable amount of control with regards to the management and security of PHI. As stated
by Katten Muchin Rosenman LLP and PerfectServe, Inc. in their white paper "Clarifying the Confusion about
HIPAA-Compliant Texting:"
"The HIPAA Security Rule is 'technology neutral.' Furthermore, compliance with the HIPAA
Security Rule is not an attribute of a particular application or device, but rather of a system of
physical, administrative, and technology safeguards that support the HIPAA-compliant use of
electronic communication. Thus, there is no such thing as a 'HIPAA-compliant' application or
device."
Once HIPAA is understood as a guide toward compliant behaviors rather than a set of restrictions, researchers
and health care providers can fully embrace the use of technologies with greater confidence.
PHI and SMS: Evaluating Security Needs
PHI, or individually identifiable health information, covers a broad spectrum of personal and demographic data.
The protection and security of this data is at the heart of HIPAA's intent to ensure the individual's right to privacy.
The use of SMS - or text messaging - to transmit this data is extremely useful and offers huge potential in
research for recruiting and retaining patients as well as gathering important medical data.
When considering the use of SMS for endeavors involving the exchange of PHI, security risks must be identified
and evaluated. The intent of the assessment is to not only identify potential problems or weaknesses, but to
establish the best possible approach to adhering to the HIPAA security standards. This risk assessment should:
• Identify all PHI that will be created, received, maintained, or transmitted.
• Identify all third parties and vendors who might also create, receive, maintain, or transmit the PHI.
• Identify potential human, natural, and environmental threats to the information systems that transmit or
store the PHI.
• Evaluate threats and vulnerabilities by assigning levels of risk, likelihood, and impact.
• Assess current security measures and investigate new security options.
• Establish and implement mitigations and corrective actions where possible.
Some of the more common risks to PHI when using SMS are:
• Loss of a personal mobile phone or device containing PHI texts.
• A breach or loss of PHI data from servers or databases in which the PHI is stored.
• Interception of PHI while in transit.
Fortunately, the likelihood of the occurrence of these risk scenarios can be greatly reduced by documented,
enforced security policies and procedures, de-identification of PHI identifiers, and education and training
regarding PHI and good security practices.
Solutions
Physical and logical security measures, including restricted access to data centers, servers, databases, and
applications that contain PHI, are essential for HIPAA compliance practices. A good Quality Program includes
thorough, detailed policies and procedures regarding the security of all aspects of software development, data
management, change management, backup and restoration, and vendor management.
In addition to core security, another safeguard of PHI is de-identification. This is an action or method that
separates the individual (and associated individuals such as family members, employers, etc.) from unique
identifiers such as:
• Names
• All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code,
and their equivalent geocodes
• All elements of dates (except year) for dates directly related to an individual, including birth date,
admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including
year) indicative of such age, except that such ages and elements may be aggregated into a single
category of age 90 or older
• Telephone numbers
• Fax numbers
• Electronic mail addresses
• Social security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Web Universal Resource Locators (URLs)
• Internet Protocol (IP) address numbers
• Biometric identifiers, including finger and voice prints
• Full face photographic images and any comparable images
• Any other unique identifying number, characteristic, or code
• Note: The identifiers listed above are only one aspect of PHI. PHI encompasses an individual's past,
present, and future state of health, including information about health care providers. Refer to the
Definitions section.
While complete de-identification is not always possible, the best practice is to identify and reduce the instances
where identifying data is stored and shared. For example, mobile messaging software may need to maintain a mobile
number as a method of linking inbound and outbound messages to mobile phones, but the mobile number and
specific data types can be encrypted within the system itself, so in the event of a breach, only the message data
is visible and is not directly associated with a mobile number. Furthermore, the mobile messaging software should
assign a Patient ID to each user/patient as a reference point instead of mobile numbers, thereby associating data
with a Patient ID in the software and also in data export functions.
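The Patient ID approach described above can be illustrated as follows. This is an added example, not Mosio's code: the class and function names, the demo key, and the redaction patterns are assumptions, and the number needed for outbound sends is assumed to be held encrypted in a separate store that is not modelled here. Inbound messages are linked through a keyed hash of the mobile number, and message rows and exports carry only the Patient ID.

```python
import hashlib
import hmac
import re
import secrets

# Constructed demo key (assumption): in practice it is loaded from a secrets
# manager and kept apart from the message database.
INDEX_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Patterns for a few identifier types from the list above that participants
# may type into free-text replies. Illustrative, not exhaustive.
REDACTIONS = [
    ("[URL]", re.compile(r"https?://\S+", re.I)),
    ("[EMAIL]", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("[SSN]", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("[IP]", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("[PHONE]", re.compile(
        r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")),
]


def normalize_msisdn(raw):
    """Reduce a number to digits so formatting variants map to one index."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 10:  # assumption: US national format, add country code
        digits = "1" + digits
    return digits


def blind_index(msisdn, key=INDEX_KEY):
    """Keyed HMAC of the number: supports lookup, but phone numbers are
    low-entropy, so it only resists enumeration while the key stays secret."""
    data = normalize_msisdn(msisdn).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def redact(text):
    """Replace recognisable identifiers in a free-text reply with labels."""
    for label, pattern in REDACTIONS:
        text = pattern.sub(label, text)
    return text


class MessageStore:
    """Message rows reference a random Patient ID, never the mobile number."""

    def __init__(self, key=INDEX_KEY):
        self._key = key
        self._patients = {}  # blind index -> Patient ID
        self.messages = []   # rows hold the Patient ID only

    def enroll(self, msisdn):
        idx = blind_index(msisdn, self._key)
        if idx not in self._patients:
            patient_id = "P-" + secrets.token_hex(4).upper()
            while patient_id in self._patients.values():  # avoid collisions
                patient_id = "P-" + secrets.token_hex(4).upper()
            self._patients[idx] = patient_id
        return self._patients[idx]

    def record_inbound(self, msisdn, body):
        patient_id = self._patients.get(blind_index(msisdn, self._key))
        if patient_id is None:
            # Do not store content from numbers that never enrolled.
            raise KeyError("sender is not an enrolled participant")
        self.messages.append(
            {"patient_id": patient_id, "direction": "in", "body": body})
        return patient_id

    def export_rows(self):
        """Export keyed on Patient ID, with free-text bodies redacted."""
        return [
            {"patient_id": m["patient_id"], "direction": m["direction"],
             "body": redact(m["body"])}
            for m in self.messages
        ]


if __name__ == "__main__":
    store = MessageStore()
    store.enroll("+1 (415) 555-0134")          # constructed sample number
    store.record_inbound("415-555-0134", "2")  # short answer, no PHI context
    store.record_inbound("4155550134", "call me at (415) 555-0134")
    for row in store.export_rows():
        print(row)
```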
Another crucial aspect of security involves training and education. All persons who view, use, interpret, transmit,
store, or manage PHI in any way must be properly trained on HIPAA standards and applicable security policies
and procedures. Additionally, the proper care and processes need to be in place to ensure research staff and
participants are both educated and informed about their own obligations to maintain privacy and data security.
Participants can - and should - actively contribute to the safety of their own PHI.
Guidance
We believe that shared knowledge benefits all. Refer to Appendix A: Guidance and Advice for Effective,
Compliant Studies Using SMS for valuable tips for:
• Creating a mutually beneficial consent agreement.
• Crafting PHI-friendly text messages, whether they are alerts, reminders, or survey questions.
• Advising participants to safeguard their own PHI.
Conclusion
Effective management of risks via education and established security practices is the key to HIPAA compliance
when using SMS. With the understanding that no application or device is truly HIPAA compliant, implementing
and practicing proper procedures and education with staff, patients, and caregivers provides researchers with the
ability to utilize cost-effective research technologies like SMS text messaging to achieve protocol requirements.
For further guidance and tips on understanding and implementing good standards and practices regarding the
use of SMS for the transmission of PHI, please see Appendix A: Guidance and Advice for Effective, Compliant
Studies Using SMS.
References
HIPAA - http://www.hhs.gov/ocr/privacy/
Katten Muchin Rosenman LLP and PerfectServe, Inc. - Clarifying the Confusion about HIPAA-Compliant Texting -
https://www.perfectserve.com/hospital/docs/PerfectServe-Clarifying-Confusion-About-HIPAA-Compliant-Electronic-Communication.pdf
Amazon Web Services - Creating Healthcare Data Applications to Promote HIPAA and HITECH Compliance -
http://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf
UC Davis Health System - http://www.ucdmc.ucdavis.edu/compliance/guidance/privacy/deident.html
Qualtrics - The 10 Commandments for Writing Outstanding Survey Questions -
http://www.qualtrics.com/blog/good-survey-questions/
The Purdue OWL - http://owl.english.purdue.edu
Disclaimer
This white paper is not intended to constitute legal advice. Clients are advised to seek the advice of legal counsel
regarding compliance with HIPAA and other regulations that may be applicable to their business. Mosio and its
affiliated entities make no representations or warranties that the client's use of Mosio services will assure full
compliance with applicable laws.
Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS
This appendix to the paper "Simplifying HIPAA and SMS: A Practical Approach to the Secure Use of Text
Messaging in Clinical Research" is intended to assist our current and future clients with understanding and
implementing good standards and practices regarding the use of SMS (Short Message Service) for the
transmission of PHI (Protected Health Information).
Risk vs. Reward: Why Gray Should Be Your New Best Friend
Like most of life's endeavors, there are no guarantees that nothing will ever go wrong when using technology to
perform a function. When considering the use of SMS or any technology to transmit privacy data as part of a
study or trial, it is vital to understand that some risks exist. For example, computers and mobile devices can be
lost, stolen, or even hacked. It is impossible to fully protect against all possible mishaps, but safeguards can be
put in place to reduce the risks.
HIPAA privacy and security requirements for PHI are printed in black and white, but the reality of compliance lies
in the myriad of shades of gray. The wise approach is to understand and acknowledge the risks specific to the
research project at hand, provide the best mitigations possible, and work with service providers who do the same.
When choosing a text messaging vendor or technology partner, additional consideration should be given to the
company's experience, knowledge, technological features, and internal processes for managing PHI so that you
benefit from a customized study solution that will generate the most reliable data with as little risk as possible.
Essential components of minimizing risk include open communication, understanding, and education. When all
parties understand and agree upon the nature of the tasks to be performed, the associated risks dwindle
significantly. The following sections contain practical advice for achieving this goal.
The Consent Agreement: Protection for All Parties
A thorough consent agreement between the Study Administrator and the Study Participant is essential in order to
protect the rights of all involved. The consent agreement should address the following, at a minimum:
• Description of the nature of the data the Study Participant will provide. Each participant should fully
understand what information he/she will be submitting. Ideally, this should be customized for the study
and should include as much detail as possible, e.g., daily blood pressure, weight, or timing and dosage of
medications. Note: HIPAA does not dictate what a Study Administrator can and cannot ask. The nature of
the questions is an agreement between the Study Administrator and the Study Participant.
• Description of how this information will be obtained. Each participant should fully understand how
he/she will submit the data. For example, the consent agreement should clearly state that Mosio will
facilitate the questions and answers via text messages sent to and from the participant's personal mobile
device. Data provided by the participant as part of the initial recruiting, setup process, and completion
process should also be addressed.
• Description of how this data will be used. Each participant must be informed of all potential usage of
his/her PHI, including the sharing of data with third parties. This could be a reference to existing privacy
data policies. Each participant must consent to all data usage and sharing.
• Description of how this data will be securely managed. This is the most crucial element. For the sake
of all parties, all privacy data obtained by the Study Administrator for any purpose must be managed in
such a manner that ensures the best possible security. This could reference existing policies, procedures,
and privacy data policies. If applicable, this should also address third party providers' responsibilities
regarding data security.
• Disclosures of risks and vulnerabilities. Participants must be notified of identified potential risks, such
as the risks involved with the use of unencrypted texts.
• A clear definition of the boundaries between the Study Administrator and the Study Participant
responsibilities. This should include disclaimers that the Study Administrator is not responsible for any
loss or breach of data that results from something beyond their control, e.g., the participant loses his/her
personal mobile device containing text messages with his/her PHI, or a third party vendor or host
experiences a server/data breach.
• Acknowledgement of Rights and Receipt of Instructions. Participants should be advised of their
rights. This may be documented separately. Additionally, participants should be offered instructions
and/or tips for ways to safeguard their own PHI data. Refer to the Advice for Participants section below for
examples. Participants should formally acknowledge the receipt and understanding of both their rights
and the instructions provided.
• Process for notifying the participant in case of an actual or potential security breach. This is
essential for HIPAA compliance. The process should include communication steps, follow-up activities,
and responsibilities of third parties. This may be defined or referred to in a separate privacy data policy.
The final draft of the consent agreement should be reviewed and approved by compliance and legal advisors prior
to use.
Good Questions Get Good Answers
Concise, efficient, well-crafted survey questions can help enforce security consistent with HIPAA requirements
and can also eliminate some risks when using SMS to transmit PHI.
Some tips include:
• Keep questions as short and concise as possible. Longer questions may increase confusion and lead the
participant to craft a longer-than-necessary reply, which could contain unnecessary PHI. A brief answer of
"yes," "no," or "2," is meaningless when taken out of context, yet can still provide all the data needed for
the study. As an added bonus, participants are more likely to respond more quickly and accurately when
allowed the opportunity for a short answer.
• Build questions that are clearly understood. Avoid vague, loaded, or leading words, such as "could,"
"might," "often," or "never." "Do you drink milk regularly?" is both vague and potentially confusing. Better
data would result from a question like "How many 8oz. glasses of milk did you consume today?" Getting
precise data the first time will eliminate the need to ask more detailed follow-up questions later.
• Ask individual questions. Do not combine questions. "Did you do your assigned exercises and take your
pill today?" should be separated into two distinct questions.
• Use commonly understood words. Avoid jargon or highly technical terms that the participant might not
understand. Confusing wording could also lead to replies containing unnecessary PHI or personal data not
agreed upon in the consent agreement.
• Remind the participant of privacy measures. For example, the following text could be sent periodically, or
after every survey question: "We vow to protect the information you provide. For extra safety and privacy,
please delete the survey question and your response after sending. Thank you for your participation and
your trust."
Advice for Participants
While the Study Administrator is ultimately responsible for securing PHI as much as possible, the Study
Participant should be aware of his/her own responsibilities for securing his/her own data where possible.
Participants using their own mobile devices should be educated to:
• Think carefully when composing answers to questions. Do not provide any personal information that is
not asked for.
• When sending text responses, double-check to ensure that the reply is being sent only to the proper
persons/entities.
• Delete incoming and/or outgoing text messages containing PHI after sending a response to a prompt or
question.
• Keep the mobile device password-protected and/or locked to prevent others from accessing text message
history.
• Make an effort to minimize the chances that the mobile device will be lost or stolen, e.g., lock the device
in a drawer when going to a meeting rather than leaving the phone out on the desk.
• When syncing the mobile device with another device or computer for any sort of data transfer, take
special care to ensure that texts containing PHI are not transferred.
• Do not post or copy any texts or parts of texts containing PHI on any social media site.
• Contact the Study Administrator in the event of a potential data breach, the loss of the mobile device, or
suspicious texts claiming to be a part of the study.
Some or all of the items listed above may be included or referenced in the consent agreement. At the least, the
consent agreement should include an acknowledgment that the participant received and understood the
instructions.
The Last Word
Careful planning, communication, and education go a long way toward HIPAA-compliant use of SMS. When
combined with our Quality Program and stringent security measures, data is as safe as it can possibly be.
Questions?
Existing Mosio clients, please contact support@mosio.com with any questions or concerns.
If you are looking to utilize the power of text messaging in your next research study, please visit us at
http://www.mosio.com.

MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...Michigan Primary Care Association
 

Similar to Mosio White Paper: Simplifying HIPAA and SMS in Clinical Research (20)

Describe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdfDescribe one safeguard that should be in place to protect the confid.pdf
Describe one safeguard that should be in place to protect the confid.pdf
 
Introduction hippaa
Introduction hippaaIntroduction hippaa
Introduction hippaa
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
Patient confidentiality training
Patient confidentiality trainingPatient confidentiality training
Patient confidentiality training
 
Explaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docxExplaining the HIPAA Privacy[.docx
Explaining the HIPAA Privacy[.docx
 
Hipaa for business associates simple
Hipaa for business associates   simpleHipaa for business associates   simple
Hipaa for business associates simple
 
Patient confidentilty
Patient confidentiltyPatient confidentilty
Patient confidentilty
 
Mha 690 presentation hippa
Mha 690 presentation hippaMha 690 presentation hippa
Mha 690 presentation hippa
 
Mha690 confidentiality training-week 1, discussion 2
Mha690 confidentiality training-week 1, discussion 2Mha690 confidentiality training-week 1, discussion 2
Mha690 confidentiality training-week 1, discussion 2
 
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small Practices
 
Privacy and security of information Consider this scenario.docx
Privacy and security of information Consider this scenario.docxPrivacy and security of information Consider this scenario.docx
Privacy and security of information Consider this scenario.docx
 
how to really implement hipaa presentation
how to really implement hipaa presentationhow to really implement hipaa presentation
how to really implement hipaa presentation
 
Confidentiality training
Confidentiality trainingConfidentiality training
Confidentiality training
 
HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations HIPAA eBOOK: Avoid Common HIPAA Violations
HIPAA eBOOK: Avoid Common HIPAA Violations
 
Priv&security&profin electrcommunicationsrev9 23
Priv&security&profin electrcommunicationsrev9 23Priv&security&profin electrcommunicationsrev9 23
Priv&security&profin electrcommunicationsrev9 23
 
Hi paa and eh rs
Hi paa and eh rsHi paa and eh rs
Hi paa and eh rs
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Confidentiality 9.26.13
Confidentiality 9.26.13Confidentiality 9.26.13
Confidentiality 9.26.13
 
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
 

More from Mosio

Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...
Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...
Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...Mosio
 
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)Mosio
 
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...Mosio
 
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013Patient Wise - Presentation - Updating Your Recruitment Strategy 2013
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013Mosio
 
CTIA Mobile Commerce Compliance Handbook July 2013
CTIA Mobile Commerce Compliance Handbook July 2013CTIA Mobile Commerce Compliance Handbook July 2013
CTIA Mobile Commerce Compliance Handbook July 2013Mosio
 
CTIA Playbook June 2012
CTIA Playbook June 2012CTIA Playbook June 2012
CTIA Playbook June 2012Mosio
 
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...Mosio
 
Mobile Marketing Association - Best Practices Guide 2011
Mobile Marketing Association - Best Practices Guide 2011Mobile Marketing Association - Best Practices Guide 2011
Mobile Marketing Association - Best Practices Guide 2011Mosio
 
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...Mosio
 

More from Mosio (9)

Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...
Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...
Attention: Public Health Departments…Help Stop the Spread of COVID-19 with Te...
 
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)
Mosio's Clinical Trial Patient Recruitment and Retention Ebook (First Edition)
 
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...
MAGI West Presentation from Dale Korth (Manager, Marketing and Recruitment, C...
 
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013Patient Wise - Presentation - Updating Your Recruitment Strategy 2013
Patient Wise - Presentation - Updating Your Recruitment Strategy 2013
 
CTIA Mobile Commerce Compliance Handbook July 2013
CTIA Mobile Commerce Compliance Handbook July 2013CTIA Mobile Commerce Compliance Handbook July 2013
CTIA Mobile Commerce Compliance Handbook July 2013
 
CTIA Playbook June 2012
CTIA Playbook June 2012CTIA Playbook June 2012
CTIA Playbook June 2012
 
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...
6 Reasons Not to Build a Mobile Application for your Conference, Event or Mee...
 
Mobile Marketing Association - Best Practices Guide 2011
Mobile Marketing Association - Best Practices Guide 2011Mobile Marketing Association - Best Practices Guide 2011
Mobile Marketing Association - Best Practices Guide 2011
 
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...
Mosio | Customer Feedback via Text Messaging | Customer Service | Comments | ...
 

Recently uploaded

Glomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxGlomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxDr.Nusrat Tariq
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiNehru place Escorts
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...narwatsonia7
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingArunagarwal328757
 
Call Girl Nagpur Sia 7001305949 Independent Escort Service Nagpur
Call Girl Nagpur Sia 7001305949 Independent Escort Service NagpurCall Girl Nagpur Sia 7001305949 Independent Escort Service Nagpur
Call Girl Nagpur Sia 7001305949 Independent Escort Service NagpurRiya Pathan
 
97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAAjennyeacort
 
Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Gabriel Guevara MD
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️saminamagar
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsMedicoseAcademics
 
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hosur Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformKweku Zurek
 
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service SuratCall Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service Suratnarwatsonia7
 
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service LucknowCall Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknownarwatsonia7
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersnarwatsonia7
 
call girls in Connaught Place DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in Connaught Place  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in Connaught Place  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in Connaught Place DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...saminamagar
 
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdf
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdfHemostasis Physiology and Clinical correlations by Dr Faiza.pdf
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdfMedicoseAcademics
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceNehru place Escorts
 

Recently uploaded (20)

Glomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptxGlomerular Filtration rate and its determinants.pptx
Glomerular Filtration rate and its determinants.pptx
 
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
Call Girls ITPL Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
 
Pharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, PricingPharmaceutical Marketting: Unit-5, Pricing
Pharmaceutical Marketting: Unit-5, Pricing
 
Call Girl Nagpur Sia 7001305949 Independent Escort Service Nagpur
Call Girl Nagpur Sia 7001305949 Independent Escort Service NagpurCall Girl Nagpur Sia 7001305949 Independent Escort Service Nagpur
Call Girl Nagpur Sia 7001305949 Independent Escort Service Nagpur
 
97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA97111 47426 Call Girls In Delhi MUNIRKAA
97111 47426 Call Girls In Delhi MUNIRKAA
 
Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024
 
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in green park  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in green park DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hsr Layout Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
 
Hematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes FunctionsHematology and Immunology - Leukocytes Functions
Hematology and Immunology - Leukocytes Functions
 
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Hosur Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Hosur Just Call 7001305949 Top Class Call Girl Service Available
 
See the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy PlatformSee the 2,456 pharmacies on the National E-Pharmacy Platform
See the 2,456 pharmacies on the National E-Pharmacy Platform
 
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service SuratCall Girl Surat Madhuri 7001305949 Independent Escort Service Surat
Call Girl Surat Madhuri 7001305949 Independent Escort Service Surat
 
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service LucknowCall Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
Call Girl Lucknow Mallika 7001305949 Independent Escort Service Lucknow
 
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbersBook Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
Book Call Girls in Kasavanahalli - 7001305949 with real photos and phone numbers
 
call girls in Connaught Place DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in Connaught Place  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...call girls in Connaught Place  DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
call girls in Connaught Place DELHI 🔝 >༒9540349809 🔝 genuine Escort Service ...
 
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdf
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdfHemostasis Physiology and Clinical correlations by Dr Faiza.pdf
Hemostasis Physiology and Clinical correlations by Dr Faiza.pdf
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
 

Mosio White Paper: Simplifying HIPAA and SMS in Clinical Research

  • 1. Simplifying HIPAA and SMS: A Practical Approach to the Secure Use of Text Messaging in Clinical Research
  • 2. Table of Contents

• Abstract (page 3)
• Introduction (page 3)
• Definitions (page 3)
• HIPAA Defined (page 4)
• HIPAA Redefined (page 4)
• PHI and SMS: Evaluating Security Needs (page 4)
• Solutions (page 5)
• Guidance (page 6)
• Conclusion (page 6)
• References (page 6)
• Disclaimer (page 6)
• Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS (page 7)
    • Risk vs. Reward: Why Gray Should Be Your New Best Friend (page 7)
    • The Consent Agreement: Protection for All Parties (page 7)
    • Good Questions Get Good Answers (page 8)
    • Advice for Participants (page 9)
    • The Last Word (page 9)
    • Questions? (page 9)
  • 3. Abstract

As the use of personal mobile devices became ubiquitous, the manner in which healthcare studies and clinical trials are performed expanded into the world of modern technology. With this evolution came the need to establish methods to protect the data, and to protect the rights of individuals providing personal health information. This paper focuses on the rapidly growing need to understand and practice the security issues associated with using Short Message Service (SMS) texts for transmitting Protected Health Information (PHI) in order to ensure the best possible compliance with The Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Introduction

In response to recent requests and questions, we researched ways to provide education for HIPAA compliance and to improve the ways that mobile text messaging services can be customized to provide clients with the best methods for ensuring secure PHI data. This paper provides background information and definitions for a basic understanding of HIPAA and PHI, how these regulations are translated into the real world, detailed information of our contributions to compliance and security, and guidance for clients' use.

Definitions

HIPAA: Health Insurance Portability and Accountability Act - enacted in 1996 by the United States Congress to ensure health insurance coverage for workers and to establish standards regarding electronic healthcare data.
• The HIPAA Privacy Rule protects the privacy of individually identifiable health information (See PHI.).
• The HIPAA Security Rule sets national standards for the security of electronic protected health information.
• The HIPAA Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information.
• The HIPAA Patient Safety Rule protects identifiable information being used to analyze patient safety events and improve patient safety.
For more information, see http://www.hhs.gov/ocr/privacy/

PHI: Protected Health Information - Individually identifiable health information, including demographic data, that relates to:
• The individual’s past, present, or future physical or mental health or condition,
• The provision of health care to the individual, or
• The past, present, or future payment for the provision of health care to the individual, and
• Identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
For more information, see http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

SMS: Short Message Service - a text messaging service component of phone, Web, or mobile communication systems that uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages.

Study Administrator: A company, group, or entity that defines and manages a study, experiment, or data-gathering endeavor directly or indirectly related to the healthcare industries. In this white paper, the Study Administrator is typically the client.

Study Participant: An individual who voluntarily participates as a data provider for a study, experiment, or data gathering endeavor of the Study Administrator. Also known as a patient or end user.
  • 4. HIPAA Defined

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted in part to protect the security and privacy of protected health information (PHI). Covered entities (e.g., health care providers engaged in certain electronic transactions, health plans, and health care clearinghouses) that create, maintain, transmit, use, and disclose an individual’s PHI are required to meet HIPAA requirements.

HIPAA’s Privacy Rule restricts uses and disclosures of PHI, creates individual rights with respect to their PHI, and mandates administrative requirements. Among other requirements, the privacy rule requires a covered entity to reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the requirements of HIPAA.

HIPAA’s Security Rule requires covered entities to ensure the confidentiality, integrity, and availability of its electronic PHI, to protect against reasonably anticipated threats or hazards to the security or integrity of its electronic PHI, to protect against reasonably anticipated impermissible uses and disclosure of its electronic PHI, and to ensure compliance by their workforce. Additionally, the Security Rule requires covered entities to put in place detailed administrative, physical, and technical safeguards to protect electronic PHI. To do this, covered entities are required to implement access controls and set up backup and audit controls for electronic PHI in a manner commensurate with the associated risk.

Additional HIPAA requirements include the need for a covered entity to provide notification following a breach of unsecured protected health information.

HIPAA Redefined

A common misconception about HIPAA requirements is that they define the specifics of what can and cannot be done. In reality, the intent of HIPAA is not to dictate individual do's and don'ts, but rather to provide guidance toward achieving a reasonable amount of control with regards to the management and security of PHI. As stated by Katten Muchin Rosenman LLP and PerfectServe, Inc. in their white paper "Clarifying the Confusion about HIPAA-Compliant Texting:"

"The HIPAA Security Rule is 'technology neutral.' Furthermore, compliance with the HIPAA Security Rule is not an attribute of a particular application or device, but rather of a system of physical, administrative, and technology safeguards that support the HIPAA-compliant use of electronic communication. Thus, there is no such thing as a 'HIPAA-compliant' application or device."

Once HIPAA is understood as a guide toward compliant behaviors rather than a set of restrictions, researchers and health care providers can fully embrace the use of technologies with greater confidence.

PHI and SMS: Evaluating Security Needs

PHI, or individually identifiable health information, covers a broad spectrum of personal and demographic data. The protection and security of this data is at the heart of HIPAA's intent to ensure the individual's right to privacy. The use of SMS - or text messaging - to transmit this data is extremely useful and offers huge potential in research for recruiting and retaining patients as well as gathering important medical data.

When considering the use of SMS for endeavors involving the exchange of PHI, security risks must be identified and evaluated. The intent of the assessment is to not only identify potential problems or weaknesses, but to establish the best possible approach to adhering to the HIPAA security standards. This risk assessment should:
• Identify all PHI that will be created, received, maintained, or transmitted.
• Identify all third parties and vendors who might also create, receive, maintain, or transmit the PHI.
• Identify potential human, natural, and environmental threats to the information systems that transmit or store the PHI.
• Evaluate threats and vulnerabilities by assigning levels of risk, likelihood, and impact.
• Assess current security measures and investigate new security options.
• Establish and implement mitigations and corrective actions where possible.
Some of the more common risks to PHI when using SMS are:

• Loss of a personal mobile phone or device containing PHI texts.
• A breach or loss of PHI data from servers or databases in which the PHI is stored.
• Interception of PHI while in transit.

Fortunately, the likelihood of these risk scenarios can be greatly reduced by documented, enforced security policies and procedures, de-identification of PHI identifiers, and education and training regarding PHI and good security practices.

Solutions

Physical and logical security measures, including restricted access to data centers, servers, databases, and applications that contain PHI, are essential for HIPAA compliance practices. A good Quality Program includes thorough, detailed policies and procedures regarding the security of all aspects of software development, data management, change management, backup and restoration, and vendor management.

In addition to core security, another safeguard of PHI is de-identification. This is an action or method that separates the individual (and associated individuals such as family members, employers, etc.) from unique identifiers such as:

• Names
• All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes
• All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
• Telephone numbers
• Fax numbers
• Electronic mail addresses
• Social security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Web Universal Resource Locators (URLs)
• Internet Protocol (IP) address numbers
• Biometric identifiers, including finger and voice prints
• Full face photographic images and any comparable images
• Any other unique identifying number, characteristic, or code

Note: The identifiers listed above are only one aspect of PHI. PHI encompasses an individual's past, present, and future state of health, including information about health care providers. Refer to the Definitions section.
While complete de-identification is not always possible, the best practice is to identify and reduce the instances where identifying data is stored and the ways it is shared. For example, mobile messaging software may need to maintain a mobile number as a method of linking inbound and outbound messages to mobile phones, but the mobile number and specific data types can be encrypted within the system itself, so in the event of a breach, only the message data is visible and is not directly associated with a mobile number. Furthermore, the mobile messaging software should assign a Patient ID to each user/patient as a reference point instead of mobile numbers, thereby associating data with a Patient ID in the software and also in data export functions.

Another crucial aspect of security involves training and education. All persons who view, use, interpret, transmit, store, or manage PHI in any way must be properly trained on HIPAA standards and applicable security policies and procedures. Additionally, the proper care and processes need to be in place to ensure research staff and participants are both educated and informed about their own obligations to maintain privacy and data security. Participants can - and should - actively contribute to the safety of their own PHI.

Guidance

We believe that shared knowledge benefits all. Refer to Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS for valuable tips for:

• Creating a mutually beneficial consent agreement.
• Crafting PHI-friendly text messages, whether they are alerts, reminders, or survey questions.
• Advising participants to safeguard their own PHI.

Conclusion

Effective management of risks via education and established security practices is the key to HIPAA compliance when using SMS. With the understanding that no application or device is truly HIPAA compliant, implementing and practicing proper procedures and education with staff, patients, and caregivers provides researchers with the ability to utilize cost-effective research technologies like SMS text messaging to achieve protocol requirements.

For further guidance and tips on understanding and implementing good standards and practices regarding the use of SMS for the transmission of PHI, please see Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS.

References

HIPAA - http://www.hhs.gov/ocr/privacy/
KattenMuchinRosenman LLP and PerfectServe, Inc. - Clarifying the Confusion about HIPAA-Compliant Texting - https://www.perfectserve.com/hospital/docs/PerfectServe-Clarifying-Confusion-About-HIPAA-Compliant-Electronic-Communication.pdf
Amazon Web Services - Creating Healthcare Data Applications to Promote HIPAA and HITECH Compliance - http://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf
UC Davis Health System - http://www.ucdmc.ucdavis.edu/compliance/guidance/privacy/deident.html
Qualtrics - The 10 Commandments for Writing Outstanding Survey Questions - http://www.qualtrics.com/blog/good-survey-questions/
The Purdue OWL - http://owl.english.purdue.edu

Disclaimer

This white paper is not intended to constitute legal advice. Clients are advised to seek the advice of legal counsel regarding compliance with HIPAA and other regulations that may be applicable to their business. Mosio and its affiliated entities make no representations or warranties that the client's use of Mosio services will assure full compliance with applicable laws.
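The Patient ID approach described in the de-identification discussion of the Solutions section can be sketched as follows. This is an added example, not Mosio's code: the class name, the "P-" ID format, and the key handling are assumptions, and a keyed HMAC-SHA256 token stands in for the stored mobile number so that inbound messages can still be linked to a patient (the encrypted copy of the number needed for outbound sends is not shown).

```python
import csv, hashlib, hmac, io, re, secrets

class PseudonymizedMessageStore:
    """Messages are stored and exported under a Patient ID, never a phone number."""

    def __init__(self, index_key: bytes):
        # Assumption: index_key is held outside the database (e.g. in a KMS).
        # Phone numbers are low-entropy, so the tokens are only as safe as the key.
        self._key = index_key
        self._token_to_patient = {}   # HMAC(normalized number) -> Patient ID
        self._messages = []           # (patient_id, direction, text)

    @staticmethod
    def normalize(number: str) -> str:
        # Canonical form, so one handset always maps to the same token.
        digits = re.sub(r"\D", "", number)
        if len(digits) == 10:         # assumption: 10 digits = US national format
            digits = "1" + digits
        if not 8 <= len(digits) <= 15:
            raise ValueError("not a valid mobile number")
        return "+" + digits

    def _token(self, number: str) -> str:
        msg = self.normalize(number).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def enroll(self, number: str) -> str:
        """Assign a random Patient ID; enrolling the same number twice is idempotent."""
        token = self._token(number)
        if token not in self._token_to_patient:
            self._token_to_patient[token] = "P-" + secrets.token_hex(4)
        return self._token_to_patient[token]

    def record_inbound(self, from_number: str, text: str):
        """Link an inbound SMS to its Patient ID; unknown senders are not stored."""
        patient_id = self._token_to_patient.get(self._token(from_number))
        if patient_id is None:
            return None
        self._messages.append((patient_id, "in", text))
        return patient_id

    def export_csv(self) -> str:
        """Data export keyed by Patient ID only."""
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(["patient_id", "direction", "text"])
        writer.writerows(self._messages)
        return out.getvalue()

    def breach_view(self) -> dict:
        """What a copy of the database, taken without the key, contains."""
        return {"index": dict(self._token_to_patient),
                "messages": list(self._messages)}
```

Because the Patient ID is random rather than derived from the number, an export or a database copy cannot be joined back to a handset without both the index table and the key.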
Appendix A: Guidance and Advice for Effective, Compliant Studies Using SMS

This appendix to the paper "Simplifying HIPAA and SMS: A Practical Approach to the Secure Use of Text Messaging in Clinical Research" is intended to assist our current and future clients with understanding and implementing good standards and practices regarding the use of SMS (Short Message Service) for the transmission of PHI (Protected Health Information).

Risk vs. Reward: Why Gray Should Be Your New Best Friend

Like most of life's endeavors, there are no guarantees that nothing will ever go wrong when using technology to perform a function. When considering the use of SMS or any technology to transmit privacy data as part of a study or trial, it is vital to understand that some risks exist. For example, computers and mobile devices can be lost, stolen, or even hacked. It is impossible to fully protect against all possible mishaps, but safeguards can be put in place to reduce the risks.

HIPAA privacy and security requirements for PHI are printed in black and white, but the reality of compliance lies in the myriad of shades of gray. The wise approach is to understand and acknowledge the risks specific to the research project at hand, provide the best mitigations possible, and work with service providers who do the same. When choosing a text messaging vendor or technology partner, additional consideration should be given to the company's experience, knowledge, technological features, and internal processes for managing PHI so that you benefit from a customized study solution that will generate the most reliable data with as little risk as possible.

Essential components of minimizing risk include open communication, understanding, and education. When all parties understand and agree upon the nature of the tasks to be performed, the associated risks dwindle significantly. The following sections contain practical advice for achieving this goal.

The Consent Agreement: Protection for All Parties

A thorough consent agreement between the Study Administrator and the Study Participant is essential in order to protect the rights of all involved. The consent agreement should address the following, at a minimum:

• Description of the nature of the data the Study Participant will provide. Each participant should fully understand what information he/she will be submitting. Ideally, this should be customized for the study and should include as much detail as possible, e.g., daily blood pressure, weight, or timing and dosage of medications. Note: HIPAA does not dictate what a Study Administrator can and cannot ask. The nature of the questions is an agreement between the Study Administrator and the Study Participant.
• Description of how this information will be obtained. Each participant should fully understand how he/she will submit the data. For example, the consent agreement should clearly state that Mosio will facilitate the questions and answers via text messages sent to and from the participant's personal mobile device. Data provided by the participant as part of the initial recruiting, setup process, and completion process should also be addressed.
• Description of how this data will be used. Each participant must be informed of all potential usage of his/her PHI, including the sharing of data with third parties. This could be a reference to existing privacy data policies. Each participant must consent to all data usage and sharing.
• Description of how this data will be securely managed. This is the most crucial element. For the sake of all parties, all privacy data obtained by the Study Administrator for any purpose must be managed in such a manner that ensures the best possible security. This could reference existing policies, procedures, and privacy data policies. If applicable, this should also address third party providers' responsibilities regarding data security.
• Disclosures of risks and vulnerabilities. Participants must be notified of identified potential risks, such as the risks involved with the use of unencrypted texts.
• A clear definition of the boundaries between the Study Administrator and the Study Participant responsibilities. This should include disclaimers that the Study Administrator is not responsible for any loss or breach of data that results from something beyond their control, e.g., the participant loses his/her personal mobile device containing text messages with his/her PHI, or a third party vendor or host experiences a server/data breach.
• Acknowledgement of Rights and Receipt of Instructions. Participants should be advised of their rights. This may be documented separately. Additionally, participants should be offered instructions and/or tips for ways to safeguard their own PHI data. Refer to the Advice for Participants section below for examples. Participants should formally acknowledge the receipt and understanding of both their rights and the instructions provided.
• Process for notifying the participant in case of an actual or potential security breach. This is essential for HIPAA compliance. The process should include communication steps, follow-up activities, and responsibilities of third parties. This may be defined or referred to in a separate privacy data policy.

The final draft of the consent agreement should be reviewed and approved by compliance and legal advisors prior to use.

Good Questions Get Good Answers

Concise, efficient, well-crafted survey questions can help enforce security consistent with HIPAA requirements and can also eliminate some risks when using SMS to transmit PHI. Some tips include:

• Keep questions as short and concise as possible. Longer questions may increase confusion and lead the participant to craft a longer-than-necessary reply, which could contain unnecessary PHI. A brief answer of "yes," "no," or "2," is meaningless when taken out of context, yet can still provide all the data needed for the study. As an added bonus, participants are more likely to respond more quickly and accurately when allowed the opportunity for a short answer.
• Build questions that are clearly understood. Avoid vague, loaded, or leading words, such as "could," "might," "often," or "never." "Do you drink milk regularly?" is both vague and potentially confusing. Better data would result from a question like "How many 8oz. glasses of milk did you consume today?" Getting precise data the first time will eliminate the need to ask more detailed follow-up questions later.
• Ask individual questions. Do not combine questions. "Did you do your assigned exercises and take your pill today?" should be separated into two distinct questions.
• Use commonly understood words. Avoid jargon or highly technical terms that the participant might not understand. This could also lead to unnecessary PHI or the sharing of personal data not agreed upon in the consent agreement.
• Remind the participant of privacy measures. For example, the following text could be sent periodically, or after every survey question: "We vow to protect the information you provide. For extra safety and privacy, please delete the survey question and your response after sending. Thank you for your participation and your trust."
Advice for Participants

While the Study Administrator is ultimately responsible for securing PHI as much as possible, the Study Participant should be aware of his/her own responsibilities for securing his/her own data where possible. Participants using their own mobile devices should be educated to:

• Think carefully when composing answers to questions. Do not provide any personal information that is not asked for.
• When sending text responses, double-check to ensure that the reply is being sent only to the proper persons/entities.
• Delete incoming and/or outgoing text messages containing PHI after sending a response to a prompt or question.
• Keep the mobile device password-protected and/or locked to prevent others from accessing text message history.
• Make an effort to minimize the chances that the mobile device will be lost or stolen, e.g., lock the device in a drawer when going to a meeting rather than leaving the phone out on the desk.
• When syncing the mobile device with another device or computer for any sort of data transfer, take special care to ensure that texts containing PHI are not transferred.
• Do not post or copy any texts or parts of texts containing PHI on any social media site.
• Contact the Study Administrator in the event of a potential data breach, the loss of the mobile device, or suspicious texts claiming to be a part of the study.

Some or all of the items listed above may be included or referenced in the consent agreement. At the least, the consent agreement should include an acknowledgment that the participant received and understood the instructions.

The Last Word

Careful planning, communication, and education go a long way toward HIPAA-compliant use of SMS. When combined with our Quality Program and stringent security measures, data is as safe as it can possibly be.

Questions?

Existing Mosio clients, please contact support@mosio.com with any questions or concerns. If you are looking to utilize the power of text messaging in your next research study, please visit us at http://www.mosio.com.