Securing Smartphone Communications for HIPAA

When HIPAA was passed back in 1996, the state of communications technology was not where it is today. Cell phones were rarely seen. Car phones were the same size as house phones. E-mail programs were still largely text based and downloading an attached file could take hours and cause several missed calls as Internet services were mostly provided through phone lines.

Since HIPAA hasn’t changed fast enough to keep up, the technology has adapted to HIPAA’s requirements. Medical providers have hired third party developers and services like Med Tunnel to ensure that smart phone communications are secure, that the solutions deployed are relevant, actually work and are not fiscally prohibitive.


Medical providers truly do benefit as technology makes communication easier, and it allows patients and providers to connect more efficiently, and requires less individual administrators and assistants to answer phone calls and set up phone calls and in person meetings. E-mail and other electronic communications have drastically improved the quality and reliability of medical providers communications with patients. All these advancements in communication technology have changed the landscape of medical care. People now send their doctors photos via “e-mail portals” to show them a rash.

This sometimes allows doctors to diagnose and prescribe medication without ever having an in-person consult. While this may seem like the patient is not being afforded much time, all anyone has to do is remember their last trip to the doctor: 20 minutes filling out forms, 20 minutes waiting, 2 minutes with the nurse, another 15 minutes waiting for the doctor, then 2 minutes with the doctor and then leave. When you realize many simple appointments can be taken care of via e-mailing questions and answers back and forth, it becomes readily apparent how modern communication is changing the landscape of how individuals and their doctors connect.

HIPAA and the Smart Phone

Before providers had to tackle smart phone communications, they had to figure out how to make e-mail communications HIPAA compliant and secure. Most people have received an email from their doctor, but the email does not go into your regular email inbox. When our doctors or hospital emails us, we get an email telling us to sign into the hospital’s own “secure message center” or something of that sort of platform. Medical providers secured email communications by providing exclusive platforms for the communications. When you want to send a message to your doctor, you have to sign into the hospital messaging center and send the message through the messaging center.

Using these “messaging centers” is important for HIPAA compliance because the hospitals are responsible for making sure your private medical information is not shared with anyone except you. Some providers will actually send information outside these messaging centers upon request, however the messages will usually be contained in password protected attachments.

As you can see from how medical providers handle email, with the rise of smart phones, people are able to do more right from their phones, and are able to access websites and the providers’ “messaging centers” from their phones. Additionally, some providers offer instant messaging services. These can be very difficult to secure, however, providers can still use two-step or three-step authentication processes to ensure HIPAA compliance with these types of communications. Also, a big concern for any smart phone communication is the type of Internet connection that the device has established. Cellular data networks are not nearly as secure as we-fi networks, which themselves have varying levels of security. However, the security of the network is less an issue for the provider and more so one for the individual end-user.