By Brian Gilmore
Q: The three points of the initiative seem almost contradictory. Why work on ways to secure PHI at the same time you are working to get approval for an exception from HHS?
A: The approval for an exception is uncertain. While we believe an exemption is a very valuable concession to seek from HHS, we know that we may not succeed. We also need to be able to comply with the Security Rule requirements regardless of the outcome of the HHS initiative, since some telemessaging call centers use significant amounts of substantial PHI and need to be able to transmit it securely. Finally, we know that developing standards and software solutions will take time, while BAs are already contractually required to secure PHI for their clients. If we succeed in getting an HHS exception for insignificant PHI in the interim, then a substantial percentage of the industry will already be in compliance with their Business Associate Agreements (BAAs) while the standards and software solutions are being made ready.
Q: Is dialup TAP really secure?
A: The answer depends on how securely PHI must be protected. HHS recognizes that there are practical limits. While it may be technically possible to intercept unencrypted TAP modem dialup calls from a call center, we believe it is unlikely. HHS guidance suggests they already think the same way, permitting unencrypted dialup facsimile transmissions, for example.
Q: So why the call for an RFC and a standard for certain software?
A: To make standardized development possible between all the carriers and their vendors, as well as all call centers and their vendors. There are so many stakeholders involved with so many competing interests that mayhem and mischief are inevitable. The last thing anyone wants to see is proprietary standards, closed networks, and expensive access to text messaging for all but a handful of select telemessaging firms. It is believed that costs will be lowest for all involved if certain open standards can be agreed upon and implemented by the stakeholders. Because some wireless carriers are not expected to adopt open standards, it will be necessary to create PC software to act as a wireless text messaging gateway between telemessaging systems and all the various carriers and their interfaces, proprietary or standardized.
This gateway system should be available as soon as possible for all legacy telemessaging systems. Telemessaging system vendors could build these capabilities into their systems or they could integrate an external system from another vendor. It is expected that telemessaging system vendors will eventually build compelling enhanced software applications that take advantage of the gateway concepts and eventually all telemessaging call centers will be incentivized to upgrade to newer systems to get those features.