HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Does your Organization Need a Secure Text Messaging Service?

Text messaging has revolutionized worldwide communications. Since the first service was provided in the United States in 1995 it has grown to become one of the most popular – and most frequently used forms of communication, with 74% of mobile users – some 2.4 billion individuals worldwide – now using SMS to communicate with colleagues, friends and relatives.

SMS messages are also used extensively in healthcare. 87% of healthcare professionals now use their mobile devices in the workplace, whether that is their own phones – via hospital Bring Your Own Device schemes – or those issued by a healthcare provider. According to a Manhattan Research/Physician Channel Adoption Study, physicians spend 64% of their online time looking for information that allows clinical decisions to be made.

However, while extremely prevalent in healthcare, text messaging is inherently insecure. Any PHI transmitted over the mobile network can be potentially viewed by numerous unauthorized individuals. Text message can be relayed and routed via multiple carriers, the messages can remain on servers – in an unencrypted form – for months and there is no guarantee that the intended recipient is the person that will receive and read the message.

The Benefits of Text Messaging in Healthcare

As a result of these vulnerabilities, healthcare providers must either use secure messaging systems or implement policies and procedures that limit the material permitted to be sent over mobile networks. The latter is particularly difficult, as it relies on every individual refraining from sending certain types of material via text message. That is something particularly difficult to enforce, and even with the most diligent staff, a HIPAA breach will eventually occur.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

In spite of the security risks, mobile communications have potential to greatly improve efficiency and productivity in the healthcare industry. Healthcare text messaging helps to foster a more collaborative working environment, allowing all members of the care team to communicate between each other quickly and efficiently. Text messaging is therefore far better than the slow and tedious communication systems used in many hospitals.

Mobile phones and other devices such as tablets increase efficiency, improve productivity and allow better clinical decisions to be made. Unfortunately, while the positives far outweigh the negatives, HIPAA does not allow PHI to be communicated via text message unless it is via a secure channel. PHI must, after all, be safeguarded at all times.

The Solution: Secure Text Messaging Services

Text messaging improves communication, efficiency and productivity in healthcare, although only secure text messaging systems allow the communication medium to be used without risking the inadvertent disclosure of PHI.

Secure messaging systems allow doctors and other healthcare professionals to access and communicate patient health records, text results and x-rays quickly, improving collaboration between departments and decreasing the time taken for doctors to diagnose and treat patients. Text messages also eliminate phone tag, a major problem in busy hospitals.

If you operate a BYOD scheme or you supply mobiles to physicians and other healthcare professionals at your place of work, yet you have not yet implemented a secure text messaging solution, you are at risk of violating HIPAA and could receive a substantial OCR fine for HIPAA non-compliance. You are also putting the privacy of patients at risk.

If you are not sure if a secure text messaging solution is right for your organization, the following infographic should help you to decide:

12 Ways Secure Messaging is Used in Healthcare


Infographic Source: Tigertext

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.