u/VisualReindeer1843

▲ 3 r/hipaa

SUD Counseling, SMS and HIPAA/42 CFR Part 2

Currently trying to help an SUD Counseling nonprofit navigate compliant work cell phone usage, which is not as straightforward as we'd like it to be.

Some interpretations are alarming - such as that merely using SMS to communicate with a client is a breach, since just the fact that their phone number (identifies client) is communicating with our phone number (belonging to SUD service) and is then stored in the telecom's data (not BAA protected).

What is the appropriate level of action here? Is informed consent sufficient? Do we need a secure messaging app for true compliance? Something in between? It seems unclear, so I'm trying to get a baseline level of understanding before I reach out for consultation.

u/VisualReindeer1843 — 8 days ago