This entry is part 12 of 26 in the series HIPAA Privacy-Security Reminders

DON’T DO IT! The dangers of Instant Messaging are well documented.  In addition to the fact that IM is hugely insecure, even the popular instant messaging services are now also vulnerable  to any viruses, scammers and other attacks. Learn more about what you and your company should be doing…

Instant Messaging (IM) is an increasingly popular form of electronic communication that enables users to exchange text-based messages and files over the Internet in real-time.

Similar to telephone communication except via computer, IM applications allow users to maintain a contact or “buddy” list of other users; alert users when anyone on their list is “online”; and create semi-private sessions where users can exchange messages and data with each other in real-time. Popular IM providers include AOL, MSN, Yahoo, Skype and ICQ.

IM is not secure and should not be used to communicate any confidential or sensitive information, especially electronic Protected Health Information (ePHI).

IM providers maintain and control user messages, logs and connection information on their servers. Although providers offer some degree of encryption, there have been instances of IM user logs being captured and used for unethical or criminal purposes.

IM is subject to “eavesdropping” and hackers can use IM as an entry point to compromise data residing on a computer. IM also serves as an entry point for viruses, worms, Trojans and other forms of malware.

Do not use IM to communicate any protected health information (PHI). In addition, IM applications should not be installed on any computer that contains or accesses systems containing ePHI.

For further information, please visit this Symantec article entitled Instant Insecurity: Security Issues of Instant Messaging.

The complete HIPAA Privacy, Security and Breach regulations are here.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Privacy and Security Reminders – Do Not Abuse Your Information System PrivilegesHIPAA Privacy and Security Reminders – Encryption is The Key to Privacy and Information Security >>

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.