Text Messages and HIPAA Compliance
The Issue of Sending PHI in Text Messages
Sending PHI in text messages and HIPAA compliance are not normally words you would find adjacent to each other. The sending of Protected Health Information (PHI) in any unsecure electronic format was effectively outlawed when changes were made to the HIPAA Privacy and Security Rules in 2013.
Of particular relevance to sending PHI in text messages and HIPAA compliance are the technical safeguards of the Security Rule. These state that mechanisms must be put in place to control access to PHI, to account for how it is used, and to ensure the persons sending and receiving PHI are who they say they are.
Furthermore, any PHI transmitted outside of an organization´s internal network has to be encrypted in order that it is unreadable, undecipherable and unusable should it be intercepted in transit – often an impractical task in organizations where employees used multiple operating systems over multiple devices.
The issue of sending PHI in text messages is particularly grave for healthcare organizations that have implemented BYOD policies. It has been estimated that around 80% of physicians use a personal mobile device to manage their workflows. Without a suitable, HIPAA-compliant alternative to sending PHI in text messages, the flow of communication in a healthcare organization will be affected significantly.
Secure Messaging Solutions Resolve Issues Surrounding Text Messages
Secure messaging solutions work by creating a private communications network within a healthcare organization. The network can only be accessed by authorized personnel via secure messaging apps that can be downloaded onto any device or operating system. The apps work in a similar way to commercially available messaging apps, and have a text-like interface that users will recognize immediately.
The primary difference from a user point of view between secure messaging apps and commercially available apps is that authorized personnel will have to authenticate their ID by logging in with a centrally-issued username and PIN number at the start of every session. Automatic logoffs also exist to prevent unauthorized access to PHI when a mobile device or desktop computer is left unattended.
Behind the scenes a lot more is going on to enable the sending of PHI in text messages and HIPAA compliance. All communications between authorized personnel are encrypted and all activity on the network is monitored. Security mechanisms prevent PHI from being sent outside of the network, copied and pasted or saved to an external hard drive.
Messages are assigned message lifespans so that they delete automatically, and administrators have the ability to remotely retract and delete any message that is sent or received on a mobile device that is subsequently lost, stolen or otherwise disposed of. All of these precautions against the unauthorized access of PHI make the relationship between text messages and HIPAA compliance acceptable.
The Benefits of Secure Messaging
Secure messaging is more than just a solution to the issue of text messages and compliance. Due to the security mechanisms implemented to ensure message accountability, phone tag is practically eliminated – resulting in a higher level of productivity for medical professionals. Community nurses can escalate patient concerns without returning to the office and on-call doctors can receive PHI on the go with secure messaging.
The group messaging capabilities of secure messaging solutions foster collaboration and can be used to accelerate hospital admissions and patient discharges. When integrated with an EMR, secure messaging has been seen to reduce patient safety incidents by 27% and reduce medication errors by 30%, and prescription errors can be corrected much quicker with secure texting than by fax.
In addition to enabling medical professionals to send text messages and HIPAA compliance be assured, secure messaging increases productivity, streamlines workflows and improves the standard of healthcare delivered to patients. Secure messaging is also cost-effective when compared to other potential solutions for the issue of sending PHI in text messages and HIPAA compliance.