TigerConnect

RATIONALE

Traditional text and multimedia messaging via mobile devices have become a general means of efficient and effective communication within our culture and workplace.  In the healthcare setting specifically however, traditional methods of messaging result in serious risk to the confidentiality of information sent due to significant security limitations. 

Traditional text and multimedia messaging are not encrypted, secure or HIPAA compliant.  Traditional text and multimedia messages become part of both the sender’s and receiver’s telephone records which may result in an unauthorized and inappropriate disclosure when such messages contain protected health information (PHI).  Utilizing traditional text and multimedia messages to send PHI violates federal law and puts the offending individuals at risk for serious fines and penalties.  For this reason, ETSU/MEAC Personnel are strictly prohibited from sending PHI via traditional messaging methods. 

SOLUTION

To accommodate both the need to protect PHI and the need for efficient communication of PHI in support of patient care, the University has purchased a secure messaging solution—TigerConnect. 

University assigned TigerConnect accounts are the only approved avenue by which ETSU/MEAC Personnel may send text and multimedia messages that contain PHI. 

To request a University TigerConnect account please submit a TigerConnect Account Request Form found below.

*The VA does not allow VA patient information to be transmitted via TigerConnect. 

*For patient information related to non-ETSU/MEAC patients, you are responsible for ensuring your use of TigerConnect complies with the policies and procedures of the non-ETSU/MEAC facility.

GUIDELINES

• The use or disclosure of PHI via TigerConnect must be permitted under the HIPAA Rules.
  • Relevant permitted uses and disclosures of PHI include:
    • Use or disclosure for the purpose of carrying out treatment, payment or health care operations.
• Reasonable efforts should be made to limit uses, disclosures or requests for PHI via TigerConnect to the minimum necessary amount to accomplish the intended purpose.
• Reasonable efforts should be made to limit uses, disclosures or requests for PHI via TigerConnect to the minimum necessary amount to accomplish the intended purpose.
• Photos, videos, voice files and other data that contains PHI must be captured and sent within the TigerConnect application.
• You are prohibited from using photo or recording functions outside the TigerConnect application.  Please refer to the TigerConnect training video for more information.
• You are prohibited from taking screenshots of TigerConnect messages or otherwise capturing PHI from a TigerConnect message in a non-compliant manner.
• TigerConnect messages that contain clinically relevant information relied upon to make medical decisions must be transferred to the electronic medical record prior to the message expiration date. TigerConnect messages for our organization will automatically permanently delete after 20 days.
• TigerConnect is only functional when the user’s mobile device is connected to the internet. As such, TigerConnect may not be appropriate for use in emergency situations.
• If your personal device is lost or stolen, you must notify the ETSU HIPAA Compliance Office so that data stored in TigerConnect can be immediately wiped from the device.
• You must fully remove the TigerConnect application from your personal device prior to disposal or sale of the same.
• If your employment is terminated you must remove all University related content, including TigerConnect application from your personal device.
• All costs associated with your personal device shall be borne by you; provided however, that the University shall pay for your access to TigerConnect. TigerConnect utilizes WiFi and any data transmitted over the WiFi network will not incur data charges.  If you have questions about data usage you should contact your telephone service provider.

DEFINITIONS

ETSU Personnel: all individuals, whose duties in the clinical or academic setting necessarily involve access or exposure to PHI to carry out healthcare activities or related services. ETSU Personnel also includes all individuals employed by Medical Education Assistance Corporation (MEAC) or working within the clinical setting at a MEAC operated facility.

HIPAA Rules:  the regulations promulgated by the U.S. Department of Health and Human Services (“HHS”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the “HITECH Act”), as set forth in Title 45, Parts 160 through 164 (the “Privacy Rules”, the “Security Rules”, the “Breach Notification Rules”, and the “Enforcement Rules”) of the Code of Federal Regulations.

Protected Health Information (PHI): all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether printed, spoken, or electronic.

• Common examples of protected health information include a patient’s: diagnosis, prognosis, name, initials, address, date of birth, social security number, payment information, insurance ID number, identities of a patient’s relative, photographs, patient’s email address, etc.

Treatment: the provision, coordination, or management of health care and related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.

 

• TigerConnect Training Videos

  iPhone users:  ETSU TigerConnect Training Video for iPhone Users

  Android users:  ETSU TigerConnect Training Video for Android Users

  **TigerConnect supports Android operating system Ice Cream Sandwich 4.0.3 and above.  Prior operating systems do not allow for compliant texting using TigerConnect and should not be used.  Please call the HIPAA Compliance Office if you have any question about this requirement. 

• Report a Technical Issue with TigerConnect

  STANDARD SUPPORT:

  Standard Support is available 7 Days/Week (excluding holidays):

  Monday – Friday 5:30 am – 5:30 pm PST Saturday/Sunday 8:00 am – 5:00 pm PST 

  PHONE SUPPORT: (650) 564-4722
  EMAIL SUPPORT: prosupport@tigerconnect.com
  Please provide the following when submitting a support request:

  • Details of your issue
  • First and last name
  • Your organization
  • Your email address and/or phone number
• Emergency Support

  EMERGENCY SUPPORT:

  Emergency Phone Support: (650) 741-3555

  Emergency Support is available for situations where TigerConnect is not operational and all users are affected resulting in service outage. Emergency coverage is available 24 hours a day, 7 days a week, including holidays.

  If you require further assistance please do not hesitate to contact the HIPAA Compliance Office. 

• Request or Delete a TigerConnect Account

  ADDING AN ACCOUNT

  To add a TigerConnect account complete the appropriate account request form:  

  • QCOM / MEAC Account Request Form
  • CHS Account Request Form
  • CON Practice Account Request Form ; CON Academic Account Request Form
  • Family Medicine Account Request Form
  • Pharmacy Practice Account Request Form

  DELETING AN ACCOUNT

  To delete an existing account email hipaa@etsu.edu

• TigerConnect for Non-ETSU/MEAC Patient Information

  • For patient information related to non-ETSU/MEAC patients, you are responsible for ensuring your use of TigerConnect complies with the policies and procedures of the non-ETSU/MEAC facility.  If you have questions, please do not hesitate to contact the HIPAA Compliance Office.
  • The VA does not allow VA patient information to be transmitted via TigerConnect.