How to Keep Text Messaging HIPAA Compliant

The use of cell phones and other wireless
technology in patient care is a big trend in
medicine. Many OMS find text messaging
provides quick access to the information
they need to make decisions. But OMS and
staff need to keep in mind privacy and
security concerns when texting. Whether the
devices are organization owned or
personally owned, organizations that use
mobile devices to text health information
should comply with HIPAA regulations.

Typical short message service (SMS) texting
doesn’t offer the security necessary to send
protected health information (PHI). That
means patient privacy might be
compromised if those messages can be seen
by unauthorized individuals.

Also, multiple carriers might be involved in
routing text messages, messages can
remain on servers unencrypted, and there’s
no guarantee the intended person will
receive and read the message. 1 Security of
PHI is a top concern for OMS and their
practices. And if unsecured texting results in
HIPAA violations, you could face costly
penalties.

So how can you make sure your texting
habits are up to HIPAA standards? First, you
should decide how to incorporate texting
into health record documentation policies.
HIPAA states that individuals have the right
to view and amend PHI used to make clinical
decisions about their care, which might
include information sent via text. As such,
organizations that allow text messaging
should develop policies “requiring annotation
of the medical record with any ePHI that is
received via text and is used to make a
decision about a patient.” 2

Although HIPAA doesn’t ban sending PHI
through text, a system of administrative,
physical, and technical safeguards must be
used to ensure the integrity of the PHI “in
transit.” 3 To do that, OMS must use secure
messaging systems. When starting that
process, check with your accrediting
organization to see if they provide guidance
or texting standards. For example, The Joint
Commission requires that healthcare employees
send text messages through a secured
messaging platform that includes a secure
sign-on process, encrypted messaging,
delivery and read receipts, date and time
stamps, customized message retention