Dedicated to providing the latest
HIPAA compliance news

Survey Shows Only a Quarter of Hospitals Have Implemented a Secure Text Messaging Platforms

Share this article on:

The use of secure text messaging platforms in healthcare has grown over the past few years, although a recent survey published in the Journal of Hospital Medicine suggests adoption of HIPAA-compliant messaging systems remains relatively low, with only a quarter of hospitals using a secure platform for sending messages to clinicians.

The survey was conducted on 620 hospital-based clinicians identified from the Society of Hospital Medicine database.

Secure text messaging platforms comply with HIPAA Rules and feature end-to-end encryption to prevent messages from being intercepted. Access controls are also incorporated to ensure only the intended recipient can view messages. Since messages cannot be sent outside the system, the platforms prevent accidental disclosures of PHI. Multi-media messages can also be sent, including test results and images.

Secure text messaging platforms are a natural replacement for outdated pagers, allowing much more meaningful communication, although the survey suggests only 26.6% of hospitals have introduced the systems. Even when secure messaging systems have been implemented, they were not widely used by clinicians. Only 7.3% of respondents said a secure messaging system was being used by most clinicians.

Pagers remain the most commonly used communication systems and are still used by 79.8% of hospitals to communicate with clinicians. 49% of respondents said they use pagers for patient care–related (PCR) communications.

The survey also revealed that standard text messages are being extensively used, often to communication PHI, even though sending PHI over the SMS network is a violation of HIPAA Rules. Standard text messages are not encrypted, do not have access controls and can easily result in the accidental disclosure of PHI to unauthorized individuals.

52.9% of clinicians said they received standard text messages for PCR communications at least once a day and 21.5% of respondents said they received standard text messages including the individually identifiable information of patients. 41.3% said they received some identifiable information such as patients initials along with health care related information. 21% said text messages regarding urgent healthcare information were received at least once a day.

Text messages are a convenient method of communication for use in hospitals. The majority of physicians carry mobile phones at work, although without a secure messaging platform, there is considerable potential for a HIPAA violation.

The HHS’ Office of the National Coordinator for Health IT has made it clear that standard text messaging is not secure and should not be used to communicate PHI since there is no encryption or access controls.

ONC suggests, “Implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.”

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On