Is HIPAA-Compliant Texting Necessary? – Telehealth.org Blog

Facebook
LinkedIn

Newer technologies have replaced pagers and faxes. Texts are the most frequently used, with as many as 23 billion texts being sent worldwide daily. This translates to 270,000 texts every second. Almost 58% of consumers report that texting is the best way to reach them quickly.It is no wonder that healthcare practitioners are using text…

Newer technologies have replaced pagers and faxes. Texts are the most frequently used, with as many as 23 billion texts being sent worldwide daily. This translates to 270,000 texts every second. Almost 58% of consumers report that texting is the best way to reach them quickly.

It is no wonder that healthcare practitioners are using text messages for a variety of reasons. One of the most comments, texts are successfully used to send clients and patients automated appointment reminders to reduce the number of no-shows. Patients are also empowered to cancel appointments and alert a provider or office that they will arrive late. Much appreciated by busy clients, text messages are increasingly being sent by providers or their offices when the practitioner is delayed, thereby avoiding the irritation of clients who show up on time but are forced to wait. Prescription reminders, re-ordering invoices, and delivery instructions are often exchanged with patients by text, reducing unwanted and uncollected prescriptions.

Text messaging interventions are also becoming more common when working with people who are depressed or anxious, in patients with diabetes, overweight and obese women, harm reduction in college drinkers, and improve treatment-seeking behaviors in young people with early psychosis. The asynchronous nature of texting allows text messages to be sent to the intended recipient and read at the patient’s convenience. A fair amount of attention has also been paid to the risks and benefits of texting, such as texting while driving. As this technology grows, so should the knowledge base of clinicians who share protected health information with or about clients and patients via texting with patients.

Risks of Text Messaging in Healthcare

Text messaging is a quick, efficient, and minimalist form of communication that gets to the point but leaves a written record of facts and other helpful information. Messages can be sent from one person to another or shared by a group. Links to webpages, music, art, photos, jokes, videos, and other digital information can easily be included. While there are many advantages to using text with and about patients, text messaging in healthcare poses risks that HIPAA addresses.

The most problematic form of text messaging is that embedded in new phones. Out of the box, most text messaging systems, such as iMessage, do not use end-to-end encryption, opening the door to messages being intercepted as they travel around the planet or across the room.

  • Embarrassing messages can be sent to the wrong party by clicking on the wrong name on one’s phone.
  • Messages intended for an individual can be accidentally sent to a group.
  • Phones can be lost, and if they are not password protected, access to past messages can be relatively easy for anyone finding the phone.
  • Messages can remain embedded in the sim card of a smartphone, or its circuitry, despite being deleted from the text messaging app itself.
  • Someone upgrading to a new smartphone can inadvertently forget to remove the sim card from the old phone when mailing it back to the manufacturer for a rebate.
  • These “slips” can create serious privacy risks for patients, as text messages containing PHI can easily be viewed by unauthorized individuals.

Text Messaging and HIPAA

HIPAA allows text messaging in healthcare, but there are rules. With Washington’s intense focus on cybersecurity, every clinician’s responsibility is to biome aware and compliant with all current requirements. In particular, the HIPAA Security Rule requires safeguards to be implemented to ensure the confidentiality, integrity, and availability of ePHI.

  • Controls must be installed to ensure that unauthorized individuals cannot access PHI.
  • Access controls are to be in place, and data must be encrypted at rest and in transit.
  • Controls must ensure that PHI cannot be altered or accidentally destroyed.
  • An audit trail must be maintained, and

From Telebehavioral Health Institute – Read More

More From My Blog