HIPAA-Compliant Texting for Medical Professionals
Like everyone else, physicians and health-care professionals have taken to texting in a big way. Results of a recent study of health care providers revealed that 64% of the physicians surveyed regularly use SMS (text) messaging to exchange patient data with colleagues. These messages were used to share all kinds of patient information, including diagnoses, test results, and advice.
Regular texting is not HIPAA-compliant
What health-care professionals may not realize is that text messages are not HIPAA-compliant. Text messages are not safe for the following reasons:
- The data is unencrypted and unsecured, which makes it an easy target for hackers and criminals.
- Because the recipient cannot be verified, a message can easily fall into the wrong hands.
- There is no way to escalate high-priority messages, which means important messages can easily be ignored.
- Text messages can only be categorized or sorted by recipient name, not by type, which makes searching difficult.
- Texts from all the different sources are mixed, which can result in your texts going to the wrong person by mistake.
- There are no archiving facilities, and old messages may be lost.
Ways to make texting compliant with privacy laws
This doesn’t mean that you cannot use text messages. Texting can be a great time-saving tool for medical practices, but it must be compliant with privacy laws. Here are several ways you can make texting safe.
- Activate data encryption on your mobile devices: Data encryption involves converting data into a secret code. To open an encrypted file, you must decrypt it using a secret key or password. Investigate and install data encryption software for your practice.
- Advise patients about the risks of using text messages: Most patients have no idea how their text messages can be misused if they fall into the wrong hands. They think it’s safe to share everything about their illness with their doctor. So, tell your patients why unsecured texting is not safe and advise them on how it can be made safer. If possible, create a “Statement of Understanding” and ask your text-using patients to sign it.
- Develop a well-thought-out text message usage policy: Before allowing your staff to use text messages to share patient data, develop a carefully planned text-usage policy. The policy should include restrictions on who can send or receive text messages from patients, topics for text messaging, time to respond to messages, instructions on how to escalate important text messages, and how data from text messages should be transferred to the patient’s record.
- Prohibit all texting until a text message usage policy is in place: While the text message usage policy is being developed, prohibit every staff member from sending text messages to and receiving text messages from patients. Advise your patients not to send any text messages until the usage policy is in place. Explain to them that it is for their own protection.
If you need assistance in developing an effective text-usage policy or have concerns about possible privacy law violations in your practice, consult a seasoned health-law attorney.