OhMD is HIPAA Compliant

Doctors and Text Messaging

Studies show that over 80% of doctors send text messages that include PHI to other doctors and patients. The ease with which healthcare providers can communicate using text messaging far surpasses any other means of communication, though texting patient health information is a HIPAA violation. In fact, sending PHI via text/SMS and sending it via email are both considered to be in violation of HIPAA standards.

So what makes OhMD HIPAA Compliant?

It is important to note that there are no definitive guidelines or certifications that are officially recognized to make a product “HIPAA Secure”. Rather, HIPAA simply demands compliance with the general rules within it, specifically the Security Rule, the Privacy Rule and the Breach Notification Rule. OhMD supports HIPAA compliance (within the scope of the Business Associate Agreement), but ultimately complying with HIPAA is a shared responsibility between the customer and OhMD. That said, a number of factors, both logistical and technological in nature, go into making OhMD a HIPAA compliant form of communication:

Logistics

  • By using the OhMD applications, an automatic BAA is put in place which can be accessed here.
  • Using OhMD as your secure texting solution segregates communication containing PHI from your other communication platforms (SMS texting, email, etc.).
  • OhMD was designed specifically for healthcare, so we have built the service with your workflows in mind.  We give you the tools to administer users and their access, control who should be notified of new messages, and manage your patient population.
  • Our staff has completed HIPAA training — we treat your data with respect and care.

Technological

  • Data is encrypted when in transit. OhMD employs TLS RSA with ARIA-256-CBC/SHA-384 for Message Delivery and AES-256 for web service callouts.
  • Data is encrypted when at rest.  OhMD’s hardware is hosted on the East Coast of the United States by Amazon utilizing their EC2 HIPAA compliant service and encrypted using AES-256.  OhMD and Amazon have an executed BAA in place.
  • Account management can be handled by client-side Admins and/or by OhMD Support. Whether a user has access, and at what level, can be managed per user, and every user needs a unique username and password.

Conclusion

OhMD is a secure communication platform that can be used to text with patients and colleagues without concern of a HIPAA violation. We have a HITRUST Assessment ensuring our information/network security approach complies with all HIPAA and NIST standards.

Have more questions?  Feel free to email us: team@ohmd.com