Instant messaging and HIPAA
Compliance Monitor, August 19, 2005
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Q. Is instant messaging (IM) to communicate at work an acceptable practice under HIPAA?
A. The HIPAA regulations do not and are not likely to ever specify technologies that are permissible or prohibited. IM may be easy to use and it will let others know when you're "online," which is sometimes a business convenience.
However, permitting use of IM, especially for transmitting confidential information, is not prudent. Many concerns that apply to e-mail also apply to IM. For example, is the transmission encrypted if off the local network? Is the authentication of sender and receiver adequate?
IM is also subject to its own set of technical vulnerabilities and attacks, so its use presents the security team with additional burdens of technically securing IM and training the work force on protective measures. Hence, it appears that today, more healthcare organizations prohibit or severely limit IM use, and with good reason.
Editor's note: Kate Borten, CISSP, CISM, president of The Marblehead Group, answered this question. This is not legal advice. Consult with your attorney for legal matters.
Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!
Related Products
-
Strategies for Health Care Compliance
News and real-life examples to increase the effectiveness of your compliance program. Strategies for Health Care Compliance...
-
Compliance Monitor
This HTML e-mail newsletter delivers news on Medicare and Medicaid fraud and abuse, as well as recent documents and targets...
-
Medicare Weekly Update
Each issue of Medicare Weekly Update includes the latest CMS proposed and final rules, CMS manual revisions, and...
-
Medicare Update for Physician Services
Medicare Update for Physician Services is a free, monthly e-zine that delivers news and information to help physician...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- Cohesive History and Physical Requirements
- Searched