Healthcare text messaging, HIPAA Compliant Texting, texting in healthcare

Is HIPAA-Compliant Texting Necessary?

1760
0

Newer technologies have replaced pagers and faxes. Texts are the most frequently used, with as many as 23 billion texts being sent worldwide daily. This translates to 270,000 texts every second. Almost 58% of consumers report that texting is the best way to reach them quickly.

It is no wonder that healthcare practitioners are using text messages for a variety of reasons. One of the most comments, texts are successfully used to send clients and patients automated appointment reminders to reduce the number of no-shows. Patients are also empowered to cancel appointments and alert a provider or office that they will arrive late. Much appreciated by busy clients, text messages are increasingly being sent by providers or their offices when the practitioner is delayed, thereby avoiding the irritation of clients who show up on time but are forced to wait. Prescription reminders, re-ordering invoices, and delivery instructions are often exchanged with patients by text, reducing unwanted and uncollected prescriptions. 

Text messaging interventions are also becoming more common when working with people who are depressed or anxious, in patients with diabetes, overweight and obese women, harm reduction in college drinkers, and improve treatment-seeking behaviors in young people with early psychosis. The asynchronous nature of texting allows text messages to be sent to the intended recipient and read at the patient’s convenience. A fair amount of attention has also been paid to the risks and benefits of texting, such as texting while driving. As this technology grows, so should the knowledge base of clinicians who share protected health information with or about clients and patients via texting with patients. 

Risks of Text Messaging in Healthcare

Text messaging is a quick, efficient, and minimalist form of communication that gets to the point but leaves a written record of facts and other helpful information. Messages can be sent from one person to another or shared by a group. Links to webpages, music, art, photos, jokes, videos, and other digital information can easily be included. While there are many advantages to using text with and about patients, text messaging in healthcare poses risks that HIPAA addresses.

The most problematic form of text messaging is that embedded in new phones. Out of the box, most text messaging systems, such as iMessage, do not use end-to-end encryption, opening the door to messages being intercepted as they travel around the planet or across the room.

  • Embarrassing messages can be sent to the wrong party by clicking on the wrong name on one’s phone.
  • Messages intended for an individual can be accidentally sent to a group.
  • Phones can be lost, and if they are not password protected, access to past messages can be relatively easy for anyone finding the phone.
  • Messages can remain embedded in the sim card of a smartphone, or its circuitry, despite being deleted from the text messaging app itself.
  • Someone upgrading to a new smartphone can inadvertently forget to remove the sim card from the old phone when mailing it back to the manufacturer for a rebate.
  • These “slips” can create serious privacy risks for patients, as text messages containing PHI can easily be viewed by unauthorized individuals.

Text Messaging and HIPAA

HIPAA allows text messaging in healthcare, but there are rules. With Washington’s intense focus on cybersecurity, every clinician’s responsibility is to biome aware and compliant with all current requirements. In particular, the HIPAA Security Rule requires safeguards to be implemented to ensure the confidentiality, integrity, and availability of ePHI. 

  • Controls must be installed to ensure that unauthorized individuals cannot access PHI. 
  • Access controls are to be in place, and data must be encrypted at rest and in transit.
  • Controls must ensure that PHI cannot be altered or accidentally destroyed.
  • An audit trail must be maintained, and the activity of authorized individuals must be monitored.

At issue is that standard texting software lacks many, if not all, of these controls. Rather, in many text messaging apps that come with a smartphone or are downloaded from an app store, there typically:

  • Are no controls over where messages are sent
  • Messages can be intercepted en route because they are not encrypted
  • Messages can be stored on servers for long periods
  • Can be accessed by unauthorized individuals. 
  • Proper vetting of staff is often needed.
  • Many consumer-grade instant messaging platforms that advertise “end-to-end encryption” are not HIPAA compliant.

Every healthcare organization requires that its members follow its ethics code, and every code says that patient and client PHI must be protected by all involved clinicians. The only way to be assured that a text-messaging platform is HIPAA-compliant is to use one that advertises its services as HIPAA-compliant and gives the users a Business Associate Agreement. Also, search the “Terms and Conditions” file it the company’s website for the word “HIPAA.” If you don’t find it listed, chances are, the software is not appropriate for healthcare.

HIPAA-compliant platforms used for text messaging in healthcare are closed systems, thereby only allowing the sending of messages to and from other individuals authorized to use the platform. That means that both parties must log into the protected system for the connection to be protected. 

  • Access controls only allow authorized individuals to log in. 
  • All messages entering the system are protected with end-to-end encryption. 
  • Such platforms adhere to safeguards that prevent message tampering.
  • Processes are in place to ensure that in the event of the loss or theft of a mobile device, messages are protected and cannot be accessed by unauthorized individuals.

All healthcare providers must only use platforms that go through the added expense of incorporating technical safeguards to ensure the confidentiality, integrity, and data integrity of PHI as per the rigorous requirements of the HIPAA Security Rule. 

Advantages of Using HIPAA-Compliant Text Messaging in Healthcare

Although there is added expense, many healthcare organizations who have educated their care teams on the issues and adopted secure text messaging platforms have reported improvements. According to Donald Hilty and colleagues, benefits are notable but are also changing administrative workflows. In their 2020 journal article published in the Journal for Technology in Behavioral Science, the researchers conclude:

Asynchronous technologies improve access, reduce costs, and complement other care options. Health systems must appraise how to help individuals and interprofessional participants best interface with a wide range of technologies. This requires adjustments in clinical and administrative workflow. Research in measurable competency sets, implementation, and outcomes is needed.

Other Texting Articles by Telehealth.org

Ethics of Texting: Do’s and Don’ts

Explore clinical, legal & ethical requirements for text messaging with clients & patients.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x