Electronic Messaging of PHI
HIPAA Compliant Messaging
TTUHSC implements reasonable and appropriate measures to guard against unauthorized access to and protect the integrity and confidentiality of electronic Protected Health Information (ePHI) that is being sent, received, or stored using an email or other electronic messaging system (“electronic messaging”). Transmission of any electronic message containing ePHI must be in accordance with TTUHSC Privacy Policies governing PHI use and disclosure. Any electronic message that contains ePHI will be sent using a secure electronic messaging system that has been approved by TTUHSC IT. Electronic messages that contain ePHI must be stored in a secure manner.
Emailing PHI:
It is the policy of the TTUHSC to secure confidentiality of PHI by email. PHI is allowed
in “internal” messages without encryption, i.e., the email must go to another ttuhsc.edu
email address. Transmission of PHI to external parties outside of TTUHSC, i.e., any
email address other than ttuhsc.edu, must be encrypted. This is for emails to patients,
providers, hospitals, payors, etc. Here is a guide on how to send encrypted emails:
How to: Sending encrypted emails with Proofpoint
Zoom Team Chat:
Zoom Team Chat is a HIPAA Compliant messaging platform that allows users to communicate
between coworkers and external Zoom users. Zoom Team Chat allows sending text, audio,
and video messages, and sharing files, and screenshots. Messages can be sent to contacts,
groups, or an entire channel. The Zoom Team Chat option is available through the Zoom
App on computers or mobile devices. Zoom Team Chat is now the HIPAA compliant and
approved electronic messaging platform for TTUHSC team members to use when messaging
PHI. Here are some resources on how to use Zoom Team Chat: TTUHSC Zoom Team Chat
Other Electronic Messaging of PHI:
Cortext (by Imprivata) used to be the approved platform to text PHI at TTUHSC. However, Cortext will be end of life in March of 2024. Cortext will not be supported after March 15, 2024, and all Cortext users should
stop using Cortext and delete the App from their devices on or before March 15, 2024.
Texting PHI using the text messaging function (SMS) on personal cellphone is prohibited
at TTUHSC since text messaging is not HIPAA compliant. Using any other messaging platforms
other than Zoom Chat (or any platform not approved by TTUHSC IT) to communicate PHI
is also prohibited. For example, Facebook Messenger shall never be used to communicate
PHI.
FAQ
Here is a guide on how to send encrypted emails: How to: Sending encrypted emails with Proofpoint
Please follow the instructions here: How to: Setup and Log into Zoom. If you have questions, please contact the IT Solution Center at (806) 743-1234 or by email at ITSolutions @ttuhsc.edu
There are a number of requirements identified in the HIPAA legislation for electronic communication of PHI. These include regulations on encryption, authentication, archiving and auditing of information. Zoom Chat allows TTUHSC team members to use the App on mobile devices or on computers for convenient messaging while meeting all enterprise-class security requirements, all backed up by the Business Associate Agreement from Zoom.
Please learn how to use Zoom Chat by reading the TTUHSC Knowledge Base articles here: Zoom Team Chat.
No, Cortext will be end of life in March of 2024. Cortext will not be supported after March 15, 2024, and all Cortext users should stop using Cortext and delete the App from their devices.
Yes. Here are instructions on how to Take and Send Pictures with Zoom Team Chat on Mobile Device. Remember, your should not use the camera function on your cellphone to do it. You should always open the Zoom Chat app and use the camera function within the app to take a picture and send it to their colleagues if the picture contains PHI or other confidential information.