[Editor's note: HIPAA compliance used to be almost the exclusive concern of medical practices and healthcare professionals, but the more we digitally zing medical records and patient information around, the more we leave ourselves open to HIPAA violations and their associated fines.]
iMessage is a go-to technology for Apple users in the medical field because it so easily integrates into pre-existing office infrastructure. Using iMessage for office communication can facilitate quick conversations among office staff, but when it comes to sending and receiving patient data, the question of whether or not iMessage is HIPAA compliant needs to be taken into account.
Some third-party apps and Apple Watch health monitoring functions are built to be HIPAA compliant. However, Apple has yet to address HIPAA compliance on its own iMessage platform. Third-party HIPAA-compliant messaging and data storage apps have become increasingly popular with iPhone and Mac users in the health care field, but Apple’s iMessage messaging service remains insecure and non-compliant.
HIPAA privacy and security regulation mandates that data transmission of protected health information must be fully secure. Protected health information (PHI) is any demographic information that can be used to identify a patient, including name, address, date of birth, social security number, or full facial photographs, among others.
iMessage uses end-to-end encryption, which means that only the sender and intended recipient can view the contents of each message. But what makes iMessage different from HIPAA-compliant messaging services is that a cached version of each sent iMessage is kept on Apple’s servers. These cached messages can be accessed either by warrant or by a potential hacker in the event of a data breach.
Although critics in the healthcare IT industry have spoken out against Apple’s practice in this regard, the company has yet to announce a change to this policy. Sending PHI over iMessage remains a breach of HIPAA regulation, putting your practice at risk of a data breach and accompanying HIPAA fine.