HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Text Messaging in Healthcare

There has been something of a communication revolution in recent years with pagers and faxes being ditched in favor of modern, communications systems and text messaging in healthcare is now commonplace.

Healthcare providers are using text messages to send patients appointment reminders. Patients can also cancel appointments by text, which has drastically reduced the number of no shows. Messages are often sent to patients advising them about delays, which reduces wait times and improves the patient experience. Prescription reminders are often sent to patients by text, which has reduced the number of uncollected prescriptions. These services are proving popular with patients. A study by Software Advice revealed 20% of patients prefer receiving health information from healthcare professionals by text message rather than using patient portals.

Text messaging in healthcare streamlines communication between all members of the care team, patient handovers are improved which reduces the potential for errors, and the ability to text staff members eliminates phone tag and hours of wasted time. The use of text messaging in healthcare has helped reduce the cost of healthcare provision and has improved the patient experience and staff satisfaction levels. Less time wasted by staff means more time can be devoted to treating patients.

Risks of Text Messaging in Healthcare

Text messaging is a fast, efficient, and convenient method of communication. Messages can be sent from virtually any location to mobile devices. Instant messaging solutions support the sending send audio and video files, images, and other file attachments via text. However, while there are clear benefits to be gained from allowing the use of text messaging in healthcare, it is not without its risks.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Many text messaging platforms do not feature end-to-end encryption so data can be intercepted in transit. Messages can easily be sent to incorrect individuals as there is next to no recipient verification, and messages containing important information could also easily be deleted. Messages can remain on devices indefinitely creating a major privacy risk and if mobile devices are lost or stolen, text messages containing electronic protected health information could easily be viewed by unauthorized individuals.

Text Messaging and HIPAA

HIPAA does not prohibit the use of text messaging in healthcare. It is perfectly acceptable for doctors, nurses, and other healthcare professionals to communicate with each other – and even patients – via text message. However, there are requirements that must be satisfied before any text messaging platform can be used for sending electronic protected health information.

The HIPAA Security Rule requires safeguards to be implemented to ensure the confidentiality, integrity, and availability of ePHI. Controls must be put in place to ensure ePHI cannot be accessed by unauthorized individuals. Protecting ePHI requires access controls to be in place and data must be encrypted at rest and in transit.

Controls are needed to ensure that ePHI cannot be altered or accidentally destroyed and an audit trail must be maintained, and the activity of authorized individuals monitored.

Standard SMS messages lack all these controls. There is no control over where messages are sent, messages are not encrypted so they can be intercepted in transit, and messages can be stored on service providers’ servers for long periods of time and could be accessed by unauthorized individuals. Even consumer-grade instant messaging platforms that have end-to-end encryption are not HIPAA compliant.

How to Gain the Benefits of Text Messaging in Healthcare Environments

In order to gain the benefits of text messaging in healthcare while meeting all requirements of HIPAA, a HIPAA-compliant text messaging platform must be used.

HIPAA-compliant text messaging platforms incorporate technical safeguards to ensure the confidentiality, integrity, and availability of ePHI and meet all requirements of the HIPAA Security Rule. The platforms are closed systems so messages can only be sent to individuals authorized to use the platform. Access controls are in place to only allow authorized individuals to login and every message sent through the system is protected with full end-to-end encryption. These messaging platforms incorporate safeguards to prevent message tampering and mechanisms are in place to ensure that in the event of the loss or theft of a mobile device, messages cannot be accessed by unauthorized individuals.

Healthcare organizations that have adopted secure text messaging platforms have reported improvements in productivity, quality of care, reductions in patient stays, faster transfer times and patient throughput, shorter waiting times, improved bed utilization, better resource optimization, fewer medical errors, improved continuity of care, reduced costs, better Press-Ganey scores, and improved staff morale.