Dedicated to providing the latest
HIPAA compliance news

Texting Medical Information

Texting Medical Information

Texting Medical Information in Compliance with HIPAA

Texting medical information using SMS or any instant messaging service is generally regarded to be in violation of HIPAA when safeguards are not implemented to protect the integrity of PHI in transit. Some exceptions to the rule exist – for example when the “minimum necessary standard” is used in text communications between a doctor and a patient – but the failure to implement security safeguards under any circumstances can expose HIPAA covered entities to the risk of substantial fines should a breach of PHI occur.

Implementing security safeguards for texting medical information in compliance with HIPAA is not difficult or expensive. A simple, cost-effective solution exists so that healthcare providers and other HIPAA covered entities can communicate PHI without the risk of a PHI breach. The solution has also been shown to accelerate the communications cycle in healthcare environments – enabling healthcare providers to streamline workflows and enhance productivity.

The Guidelines for Protecting the Integrity of PHI

The guidelines for protecting the integrity of PHI in transit are contained within the HIPAA Security Rule and come under the subtitles of administrative, physical and technical safeguards. These safeguards concern how PHI should be stored, who should have access to it, and how PHI should be used. They also cover security issues such as how PHI is protected against inappropriate alteration, the systems for ID authentication, and transmission security.

The safeguards apply to texting medical information by any electronic means (including email) when PHI is sent beyond a HIPAA covered entity´s firewalled servers. They stipulate that only authorized users should have access to PHI, that a system of monitoring access to PHI is implemented, that authorized users log into and out of a communications solution, and that all PHI communicated beyond a firewalled network is encrypted.

Why These Guidelines Can Create a Problem for Healthcare Authorities

Texting medical information in compliance with HIPAA can create a problem for healthcare authorities that have relied in the past on BYOD policies. Studies have reported that as many as 80 percent of healthcare providers use personal mobile devices to help support their workflows. Removing this facility in order to comply with the HIPAA guidelines for texting medical information would have a detrimental effect on the flow of communication.

However the risk of a breach of PHI from a personal mobile device is substantial. Any lost or stolen Smartphone – even an unattended Smartphone – can provide unauthorized access to PHI. With fines of up to $50,000 per day per unauthorized disclosure of PHI, it makes financial sense for a healthcare organization to resolve the problem of texting medical information with an appropriate solution.

Resolving the Problem of Texting Medical Information

An appropriate solution to the problem of texting medical information is secure messaging. Secure messaging works in a similar way to SMS and instant messaging services inasmuch as authorized users can send messages, share images and join discussion threads via secure messaging apps in order to collaborate on patient healthcare, admissions and discharges.

The secure messaging apps connect with each other via a private communication network that has mechanisms in place to comply with the guidelines for texting medical information in compliance with HIPAA. These mechanisms ensure that all activity on the network is monitored, prevent PHI from being communicated beyond an organization´s network and log users out of the network after a period of inactivity. Further security measures exist to prevent unauthorized access to PHI if a Smartphone is lost or stolen.

Further Advantages of Secure Messaging Solutions

In addition to ensuring compliance with the HIPAA guidelines for texting medical information, there are further advantages of implementing secure messaging solutions – particularly in regard to productivity. Healthcare organizations that have already implemented a secure messaging solution report the security mechanisms that are in place to ensure 100 percent message accountability also reduce phone tag and allow healthcare providers more time to spend caring for their patients.

The cost-effectiveness of secure messaging solutions has also proven to be a bonus for healthcare organizations. Solutions for texting medical information cost nothing to install and have operating costs lower than pagers. Furthermore, due to the familiar text-like interfaces of the secure messaging apps, there is a quick uptake of the solution by healthcare providers – eliminating the necessity for software training and ensuring that medical information is communicated in compliance with HIPAA.

Find Out More about Texting and HIPAA Compliance

Texting medical information in violation of HIPAA is not the only form of electronic communication that healthcare organizations may have a problem with. Emails containing PHI may also be in violation of HIPAA depending on the circumstances in which they are sent and the safeguards in place to protect the integrity of Protected Health Information.

You can find out more about communicating medical information in compliance with HIPAA in our “HIPAA Compliance Guide” – a free white paper that you are invited to download and read, and which elaborates on the subjects raised in this article. Our guide also provides more details of the advantages of secure messaging solutions, and contains case studies from healthcare organizations that have implemented a secure messaging solution to comply with the HIPAA guidelines for texting medical information.