skip to main content columnskip to left navigation

HIPAA Compliance Office

The Office of University Counsel

TigerText

 

Secure Messaging Guidelines 

RATIONALE

Traditional text and multimedia messaging via mobile devices have become a general means of efficient and effective communication within our culture and workplace.  In the healthcare setting specifically however, traditional methods of messaging result in serious risk to the confidentiality of information sent due to significant security limitations. 

Traditional text and multimedia messaging are not encrypted, secure or HIPAA compliant.  Traditional text and multimedia messages become part of both the sender’s and receiver’s telephone records which may result in an unauthorized and inappropriate disclosure when such messages contain protected health information (PHI).  Utilizing traditional text and multimedia messages to send PHI violates federal law and puts the offending individuals at risk for serious fines and penalties.  For this reason, ETSU Personnel are strictly prohibited from sending PHI via traditional messaging methods. 

SOLUTION

To accommodate both the need to protect PHI and the need for efficient communication of PHI in support of patient care, the University has purchased a secure messaging solution—TigerText.  University assigned TigerText accounts are the only approved avenue by which ETSU Personnel may send text and multimedia messages that contain PHI.  To request a University TigerText account please submit a TigerText Account Request Form found below.

GUIDELINES

  • The use or disclosure of PHI via TigerText must be permitted under the HIPAA Rules.
    • Relevant permitted uses and disclosures of PHI include:
      • Use or disclosure for the purpose of carrying out treatment, payment or health care operations.
  • Reasonable efforts should be made to limit uses, disclosures or requests for PHI via TigerText to the minimum necessary amount to accomplish the intended purpose.
  • Photos, videos, voice files and other data that contains PHI must be captured and sent within the TigerText application. You are prohibited from using photo or recording functions outside the TigerText application.  Please refer to the TigerText training video for more information.    
  • TigerText messages that contain clinically relevant information relied upon to make medical decisions must be transferred to the electronic medical record prior to the message expiration date. TigerText messages for our organization will automatically permanently delete after 20 days. 
  • TigerText is only functional when the user’s mobile device is connected to the internet. As such, TigerText may not be appropriate for use in emergency situations.
  • If your personal device is lost or stolen, you must notify the ETSU HIPAA Compliance Office so that data stored in TigerText can be immediately wiped from the device.
  • You must fully remove the TigerText application from your personal device prior to disposal or sale of the same.
  • If your employment is terminated you must remove all University related content, including Tigertext application from your personal device.
  • All costs associated with your personal device shall be borne by you; provided however, that the University shall pay for your access to TigerText. TigerText utilizes WiFi and any data transmitted over the WiFi network will not incur data charges.  If you have questions about data usage you should contact your telephone service provider.

DEFINITIONS

ETSU Personnel: all individuals, whose duties in the clinical or academic setting necessarily involve access or exposure to PHI to carry out healthcare activities or related services. ETSU Personnel also includes all individuals employed by Medical Education Assistance Corporation (MEAC) or working within the clinical setting at a MEAC operated facility.

HIPAA Rules:  the regulations promulgated by the U.S. Department of Health and Human Services (“HHS”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the “HITECH Act”), as set forth in Title 45, Parts 160 through 164 (the “Privacy Rules”, the “Security Rules”, the “Breach Notification Rules”, and the “Enforcement Rules”) of the Code of Federal Regulations.

Protected Health Information (PHI): all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether printed, spoken, or electronic.

  • Common examples of protected health information include a patient’s: diagnosis, prognosis, name, initials, address, date of birth, social security number, payment information, insurance ID number, identities of a patient’s relative, photographs, patient’s email address, etc.

Treatment: the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.

 

ETSU TigerText Training Videos

iPhone users:  ETSU TigerText Training Video for iPhone Users

Android users:  ETSU TigerText Training Video for Android Users

**TigerText supports Android operating system Ice Cream Sandwich 4.0.3 and above.  Prior operating systems do not allow for compliant texting using TigerText and should not be used.  Please call the HIPAA Compliance Office if you have any question about this requirement. 

 

Reporting Technical Issues to TigerText

Support is available 7 days a week by telephone:  1-650-56HIPAA (1-650-564-4722)

  • Monday – Friday 8:30am to 8:30pm EST
  • Saturday – Sunday 11am to 9pm EST

When reporting a problem it is helpful if you have the following information available:

  • Sender name
  • Recipient name
  • Message ID #:  to find out the message ID simply press and hold down on any message, then select “details” from the pop-up menu.  The message ID is the first number.
  • Time the issue occurred
  • Organization Name:  ETSU

Email Support:  prosupport@tigertext.com

You can also email support this information directly.  On the mobile device simply press and hold down any message, then select “details” from the pop-up menu.  At the bottom you will see the option “Email Support.”

If you require further assistance please do not hesitate to contact the HIPAA Compliance Office. 

 

Requesting a TigerText Account

ADDING AN ACCOUNT

To add a TigerText account complete the appropriate account request form:  

DELETING AN ACCOUNT

To delete an existing account email

 

 

 

icon for left menu icon for right menu