" secure text Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘secure text’

Does HIPAA really permit reminding patients to pick up their prescriptions?

Thursday, December 8th, 2016

We get calls and text messages from pharmacies like CVS, reminding us that it is time to pick up and/or renew our prescriptions for drugs or other medical items. When you think about HIPAA, this is confusing. In many cases, these reminders constitute Protected Health Information (PHI) … so is this really allowed?

The default answer of “it must be OK if CVS is doing it” is naive: it loses all of the context about what is and is not permitted, and it offers no insight into when and how other organizations may similarly inform or remind patients of things such as prescriptions and appointments.

Is it really PHI?


SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Thursday, June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of attacks on one-time passwords and the PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e., the Signaling System 7 or “SS7” protocol). The report shows how this makes it easy to attack two-factor login methods and password recovery schemes in which a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume the identity of the legitimate user.

SMS is Insecure due to SS7 protocol


To Text or Not To Text: Texting under HIPAA

Monday, February 29th, 2016

Sending text messages under HIPAA

Sometimes, technology just sneaks up on you. Patients want to speak with you – stat – about lab results or to schedule, be reminded of, and confirm an appointment without an interminable wait in the phone queue. Patients want text messaging — which has quickly become the new normal for everyday communication — to be used routinely for their healthcare needs, as well. You hesitate, concerned not only about the appropriateness of text messaging, but the legal ramifications. These are legitimate concerns.

HIPAA unambiguously states that sending health information in a text message is a straight up violation, unless it is to a patient and a proper consent form has been signed (as discussed below). This provision applies to messages as simple as appointment reminders. If you engage in such a practice and do not document context, consideration, and patient consent, you will be in willful neglect and quite possibly assessed up to $50,000 for each text message.

Why is text messaging such a hot-button issue to HIPAA enforcers? Under what conditions can health information be sent by way of regular text messages? The good news is that you can secure text messages rather simply and not jeopardize your patients’ privacy or your healthcare practice. Please read on.


Automating the Sending of Secure Messages

Monday, February 1st, 2016

Do you have an application or system that needs to send secure messages on demand? Do you need the flexibility to encrypt messages in different ways, to include files, HTML, and read receipts, or to have the messages be fully HIPAA compliant?

LuxSci has added secure messaging functionality to its Application Programming Interface (API).

Customers with SecureLine, LuxSci’s message encryption service, can now send secure messages through LuxSci’s REST API. Features of this service include:

  1. Up to 100 recipients per message (total daily and monthly recipient limits also exist and can be negotiated).
  2. Up to 70MB of content (body and attachments) per message.
  3. Email encryption via SMTP TLS, Escrow, PGP, and/or S/MIME.
  4. The ability to toggle between use of TLS and Escrow on a per-message basis, depending on the level of security needed. See: next generation opt-in email encryption.
  5. Message delivery tracking.
  6. Read receipts that are invisible to the recipient and reliable (with SecureLine Escrow).

If you would like to give LuxSci’s SecureLine messaging API a try, please contact LuxSci support and we can enable API access for your real or free trial account.

See also our General API Usage guide, and our API User Functions guide.