Dedicated to providing the latest
HIPAA compliance news

Is Text Messaging HIPAA Compliant?

Is Text Messaging HIPAA Compliant?

Is Text Messaging HIPAA Compliant?

The answer to the question “is text messaging HIPAA compliant” is generally “no”. Although HIPAA does not specifically prohibit communicating Protected Health Information (PHI) by text, a system of administrative, physical and technical safeguards has to be in place to ensure the integrity of PHI when it is “in transit” – i.e. being communicated between medical professionals or covered entities.

Traditional SMS messages – the type of message typically sent from one mobile device to another – are not HIPAA compliant. This is because they lack encryption, there are no safeguards to prevent a text message being sent to a wrong number, text messages are stored indefinitely on service providers´ servers, and text messages sent in plain text can be intercepted.

Furthermore, mobile devices containing PHI are frequently lost or stolen – potentially exposing PHI to unauthorized access if data on the devices is read. Consequently, without taking appropriate precautions to ensure the integrity of PHI in transit, the only way an affirmative answer could be given to the question “is text messaging HIPAA compliant” is if the text message did not contain any PHI at all.

How to Ensure the Integrity of PHI in Transit

A solution to the “is text messaging HIPAA compliant” issue is to implement secure messaging. Secure messaging works in a similar way to text messaging inasmuch as users can type out a message, add an attachment and send it to a colleague. However, security mechanisms within the secure messaging solution provide the necessary safeguards to ensure the integrity of PHI in transit.

Messages are encrypted, they can only be sent to colleagues within a covered entity´s communications network, the messages are archived on a separate, secure server and administrative controls enable the remote retraction and deletion of messages if a mobile device is lost or stolen. Due to the ID authentication process, administrators can also PIN-lock apps installed on a mobile device.

Other mechanisms exist to assign message lifespans to communications sent through a secure messaging solution, while users are automatically logged out of their secure messaging apps after a period of inactivity to prevent authorized access to PHI. All user activity is monitored and logged to oversee how users are communicating PHI in text messages and to ensure that secure messaging policies are being adhered to.

The Benefits of HIPAA Compliant Text Messaging

In addition to ensuring the integrity of PHI in transit, there are significant benefits associated with implementing a solution to resolve the issue of “is text messaging HIPAA compliant”. The monitoring of user activity plus features such as delivery notifications and read receipts ensure message accountability. This in turn reduces phone tag and accelerates the communication cycle.

Being able to send and receive PHI “on the go” assists on-call doctors and community nurses, while in-house physicians can also receive lab reports, wound images and test results with secure messaging. A group messaging feature fosters collaboration, and can be used to accelerate hospital admissions and patient discharges – saving time, increasing productivity and enhancing patient satisfaction.

Further benefits can result from the integration of a secure messaging solution with an EMR. The task of updating patient notes can be shared among medical professionals, consultants can prioritize their workflows by organizing their EMR alerts and – according to study conducted in Philadelphia – “advanced EMRs” reduce medication errors (30%) and patient safety incidents (27%).

Further Information about Text Messaging and HIPAA Compliance

This article has only touched on the guidelines used to answer the question “is texting HIPAA compliant”. For further information about the administrative, physical and technical safeguards that have to be in place to ensure the integrity of PHI in transit, you are invited to download and read our “HIPAA Compliance Guide”.

Our guide elaborates on the precautions that healthcare organizations and covered entities should take to prevent unauthorized access to PHI – not only in transit, but also “at rest” – and includes content about the features and benefits of secure messaging solutions to replace unsecure communication channels.