Texting Patient Information

When is it Possible to Send Patient Information by Text?

Texting patient information has generally been considered to be in violation of the Health Insurance Portability and Accountability Act (HIPAA), but this is not necessarily the case. Text communications between a medical professional and a patient are permissible, provided that the doctor applies the “minimum necessary standard” to reduce the risk of the unauthorized exposure of Protected Health Information (PHI).

Electronic communications between other healthcare professionals and Business Associates are also allowed, provided that all parties involved adhere to the technical requirements of the HIPAA Security Rule. Unfortunately, most “traditional” channels of text communication do not meet those requirements – exposing healthcare authorities to the risk of civil action and substantial fines when a breach of PHI occurs.

What are the Technical Safeguards of the HIPAA Security Rule?

The technical requirements of the HIPAA Security Rule are a series of standards intended to prevent unauthorized access to PHI and protect its integrity while it is in transit. The requirements concern who has access to PHI, how it is used, how it is protected against inappropriate alteration, the methods for ID authentication, and transmission security.

The requirements apply to texting patient information by SMS, communicating by IM, or sending an email beyond a healthcare organization's internal servers. They require that access to PHI is limited to those who need access to do their jobs (authorized users), that a system of monitoring access to PHI is implemented, that authorized users log into and out of a communications solution, and that all PHI sent beyond an organization's network is encrypted.

The Issue of Texting Patient Information for Healthcare Authorities

Texting patient information in compliance with HIPAA is a major issue for healthcare authorities – particularly those that have encouraged BYOD policies. It has been estimated that as many as 80% of medical professionals use personal mobile devices to help streamline their workflows, and most would be reluctant to give up the speed and convenience of their smartphones, tablets or laptops.

Nonetheless, the risk of a breach of PHI is substantial. It only takes one lost or stolen smartphone – or one unattended smartphone – containing unencrypted PHI for a healthcare authority to be liable for the unauthorized disclosure of PHI. With fines of up to $50,000 per day per offence, it makes financial sense for a healthcare organization to find a solution to the issue of texting patient information.

Resolving Patient Texting Issues with Secure Messaging

Secure messaging works in a similar way to SMS and IM inasmuch as authorized users can text each other, share images and join group messaging threads to collaborate on patient healthcare. However, the secure messaging apps that are used to connect to a healthcare organization's network have mechanisms in place to comply with the technical requirements of the HIPAA Security Rule.

This means that all activity on the network is monitored, safeguards are in place to prevent PHI from being transmitted outside of an organization's network, and users are logged out of the network after a period of inactivity. If an authorized user loses their smartphone, mechanisms are in place to remotely delete any communications on the app and PIN-lock it to prevent unauthorized access to PHI.

Find Out More about Secure Messaging Solutions

Naturally, in a single-page article, it is not possible to reproduce all the requirements of the HIPAA Security Rule. Nor is it possible to list all the benefits of a secure messaging solution to enable texting patient information in compliance with HIPAA. Therefore, you are invited to download and read our “HIPAA Compliance Guide”.

Our free guide to HIPAA compliance contains details of all the conditions that have to be in place before texting patient information is HIPAA compliant and further information about secure messaging solutions. The white paper includes case studies from medical facilities that have implemented secure messaging solutions that show how simple and effective a secure messaging solution can be.