HIPAA Text Messaging Policies
Anybody who has spent any time in a public space, be it a coffee shop, a mall, or a restaurant, can attest to the fact that text messaging has become ubiquitous. Billions of text messages are sent every day, and for many people, text messaging has replaced other forms of digital communication, such as emails, as their primary means of correspondence.
It is no wonder, then, that so many healthcare professionals opt to communicate directly with their patients, staff, and colleagues via SMS (Short Message Service). It allows for quick, convenient person-to-person transmission of information, directly from a personal device. Indeed, research has shown that 80% of healthcare workers use text messaging as part of their professional communications. This is problematic, however, since much of this texting involves protected health information (PHI). These types of communications run the risk of violating HIPAA mandates on security awareness.
HIPAA stipulates that healthcare entities “implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.” The fact of the matter is that most text messaging does not satisfy the security measures set forth in HIPAA. Unless digital communications are conducted entirely on a firewall-protected server or else utilize end-to-end encryption, they are in violation of HIPAA policy. The vast majority of SMS texting is neither protected nor encrypted, and thus is in violation of HIPAA guidelines.
Unprotected text messaging can be costly to both the patient (through security breaches that result in sensitive personal information being compromised) and the healthcare entity (through criminal and civil legal action).
One way to avoid security breaches and hacks is to make sure that healthcare entities have in place a HIPAA-compliant text messaging policy. This policy should clearly set out guidelines for all digital transmission of PHI. Without such a policy, healthcare professionals and entities are in danger of putting themselves and their patients at risk.
Another way to ensure HIPAA compliance is to have all professionals within a healthcare organization make use of emerging digital communication technology such as AMTELCO’s miSecureMessages. This smartphone app provides end-to-end encryption that will allow for HIPAA compliance as well as the convenience of using personal devices in the workplace.