The ARMA Information Governance Principles are very relevant to today’s world of mobile communications. There are 8 of them all together, and in this blog we will discuss 7 of them in great detail. In our last blog we discussed the principle of protection. This one will be focused on Availability and Compliance.
The Principle of Availability states: An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
The Principle of Compliance states: An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.
In terms of availability and quick responsiveness, one of the most immediate and expedient ways to communicate is via text and chat. Text and chat have become prevalent in our personal lives and have also become a popular way to conduct business. Text messaging and chat are the tools of today’s fast paced modern world. We tend to respond to text immediately as opposed to email, which may sit in our inbox for a while or sometimes may be entirely ignored. Unfortunately, as we discovered with protection, these are some of the least secure means of communication.
So what to do?
What if I am a visiting nurse organization and I must have immediate communication between a provider and a physician or a patient’s family member? Having the right information just in time is critical, but of course that must be done securely and in a compliant manner. That means that the right information must be captured for completeness of the patient record and stored in a secure repository. HIPAA regulations do not allow texting of patient data, unless using a secure, encrypted messaging application.
So, what is to be done to accommodate the accepted method of communication while still maintaining protection availability and compliance of the information?
- Do NOT use unsecure chat and text for business purposes.
- Do allow enterprise text messaging via secure, encrypted texting application.
- Expire the messages off the devices in accordance with policy.
- Where necessary for corporate records or other compliance reasons, make sure to capture the record in the secure repository of record.
- Facilitate easy communications. Make deployment, invite process and access to messaging as simple as possible.
- Make it easy for people outside the organization, such as a patient family member, to communicate and to enable such communications.
- Ensure that your policies do not remove content from the devices too soon for practical business purposes.
- Make sure you can create appropriate workflows so the right people have the right information just in time.
- Make the information available ONLY to the right people.
In short, go ahead, allow secure texting for your business needs, do it wisely and you will not regret it. In fact, your business will flow faster and you will remain in compliance. To find out more about how secure messaging can help you enforce information governance principles at your organization and further benefit your mobile workforce contact us.