Understanding ephemeral messaging

Ephemeral messaging refers to sending digital messages that automatically disappear after a certain period. 

What is ephemeral messaging? 

Ephemeral messaging, also known as disappearing messages, gained popularity through platforms like Snapchat and was subsequently adopted by other messaging platforms like WhatsApp. The appeal lies primarily in its ability to minimize the risks associated with message retention and unauthorized access to shared images and videos. 

This form of communication allows messages, images, or videos to vanish after being viewed or after a specified time. However, it has been shown that while ephemeral messaging offers benefits, it can negatively affect certain areas of expertise like digital forensics. A journal article published in Forensic Science International: Digital Investigation states, “Disappearing messages have a severe impact on digital forensics due to the time-sensitivity involved, as well as investigative inexperience with this new and evolving technology.” 

Related: The guide to HIPAA compliant text messaging

Ephermal messaging and HIPAA compliance

Ephemeral messaging, while appealing for its privacy features, poses challenges in healthcare communications, particularly HIPAA compliance. One of the major issues is the inherent risk of message retention which directly conflicts with the requirement for accurate and accessible patient records. 

Healthcare providers must maintain documentation of patient interactions, treatment plans, and informed consent to ensure the continuity of care. There is also the requirement for healthcare providers to provide access to patient records when required for litigation. 

The temporary nature of ephemeral messages can lead to gaps in documentation jeopardizing the maintenance of concise documentation and legal liability for healthcare providers.  

A practical illustration: Virtru

Virtru has faced some backlash for a feature that allows users to recall an email after it’s been sent. While the feature aims to improve security by allowing users to retract emails containing protected health information (PHI), it creates complexities in HIPAA compliant email. 

If a healthcare worker sends sensitive information to the wrong person and fails to retract before it is accessed, a breach occurs. The complexities and potential technical failures of features like email recall often cause delays or challenges that lead to a compromise of its effectiveness. 

Related: Is Virtru's email recall feature worth it?

FAQs

Can healthcare organizations still use ephemeral messaging? 

Healthcare organizations can technically use ephemeral messaging, but it could cause issues if the company experiences a data breach and needs to show records. 

How does ephemeral messaging impact accountability? 

If a message disappears, it can be difficult to know what was in it, who sent it, or if it was viewed. Ultimately, these records can be important for accountability and legality.