So I am trying to implement a secure textmessage service that is HIPAA compliant for a client who is in the medical field. I was thinking may be just use one of the current free text messages with end to end encryption and autodestruct text functions. But is that HIPAA compliant? What is the requirement for the messaging system to be HIPAA compliant?
Anyone with IT experience in the medical field?
You could not be compliant with normal text messaging. If you are talking about text messages, they are not always secure and would probably fall under similar issues faced with email.
Proper encryption and protection can be achieved only using specialized apps and services. If an app provider offered an in-scope for HIPAA service and a BAA, then you might be able to make something work with them. The bottom line is that you would need to really CYA with a qualified security assessor, use a specialized, secure app and ensure that the devices on each end are properly secured as well.
