Text Messaging Is an Increasingly Popular Form of Communication in Healthcare
SMS text messaging is becoming a more popular form of communication in healthcare, with 85% of hospitals and 83% of physician practices using secure communication platforms. The reasons include convenience and the improved level of patient safety and outcomes. Texting facilitates the exchange of real-time data and connectivity that advances patient safety, productivity, and profitability.
The implications of this trend are wider adoption of mobile technology in healthcare and increased spending on comprehensive clinical communication platforms; about 96% of hospitals are budgeting or investing in these platforms.
However, adopting secure texting in healthcare also comes with risks. The major risk concerns data security, as approximately 30% of survey respondents reported receiving unsecured text communications daily, which included sensitive data like patient names and birthdays. Additionally, challenges to adoption include physicians’ resistance and the need for sufficient funding. To mitigate these risks, organizations are integrating secure texting with EHR systems and investing in end-to-end encryption to meet HIPAA’s privacy and security requirements.
Related article: Patient-Doctor Communications – Calling vs Texting.
Text Messaging Is Not Secure
Regular text messages are not considered secure for communication, particularly in relation to protected health information (PHI), due to non-adherence with HIPAA regulations. The main reasons include lack of encryption, inability to retract wrongfully sent messages, and potential for interception on public Wi-Fi networks. Also, SMS messages are deemed unaccountable and copies can remain indefinitely on the servers of service providers.
Solutions such as message encryption are rarely used. These security concerns apply to instant messaging services and emails as well. Therefore, it’s crucial to exclude any PHI from messages sent via these insecure platforms, despite the growing use of personal mobile devices by healthcare professionals to transmit and receive electronic protected health information (ePHI).
Related article: 6 Best Secure, Work-from-Home Tools for Healthcare.
HIPAA Regulations Regarding Text Messages
HIPAA regulations concerning text messaging primarily refer to the HIPAA Security Rule’s technical safeguards. They stipulate that access controls, audit controls, integrity controls, ID authentication, and transmission security must be established to prevent unauthorized PHI access. Any electronic Protected Health Information (ePHI) transmission should be through a secure system complying with the HIPAA Privacy Rule.
The Privacy Rule applies to health plan providers (including insurers and employers), healthcare clearinghouses (such as administrators and brokers), and any healthcare professional transmitting ePHI. ePHI is defined as any information linked to a specific individual concerning health status, provision of healthcare, or payment for healthcare.
The Rule identifies 18 different “identifiers” that could link specific information to an individual’s identity. Despite being encrypted and stored securely, transmission of any of these identifiers over an open cell phone network or publicly accessible Wi-Fi would breach HIPAA regulations and could lead to criminal or civil legal action.
Rules to Follow for Healthcare Professionals Texting Patients
To send HIPAA-compliant text messages, one should adhere to the following steps:
- Use a Secure Messaging System: Implement a solution like PatientNote that includes the technical safeguards required by the HIPAA Security Rule, such as encryption and access control.
- Prevent Unauthorized PHI Storage: The secure messaging system should not allow authorized users to save ePHI to external storage devices including personal devices or desktop computers.
- Conduct Regular Risk Assessments: Organizations are required to regularly evaluate the integrity of ePHI, especially when introducing new working practices or advancing technology.
- Attach Documents or Images Securely: Healthcare professionals should be able to securely attach documents (like lab results) or images (of injuries) to their secure communications.
- Program “Message Lifespans”: For automatic deletion of communications containing ePHI when no longer needed.
- Monitor Activity: All network activity should be monitored, and measures like automatic logoff should be in place. Administrators need to remotely delete any communication with PHI and lock the secure messaging app in case of a lost or stolen device.
- Obtain HIPAA Consent: Inform the patient about the potential security risks of text messaging and get their permission to proceed with the communication. Automated tasks, like a HIPAA consent autoresponder, can facilitate this step.
FAQs about Text Messaging in Healthcare
Solution: PatientNotes’ Secure Texing App Provided for Free to Our Clients
PatientCalls offers a secure, HIPAA-compliant text messaging platform called PatientNote, designed specifically for healthcare providers. The innovative solution not only ensures secure communication between doctors and staff, but also safeguards sensitive patient information.
Features that differentiate PatientNote include:
- Security: No ePHI is stored on mobile devices, ensuring patient data protection.
- Accessibility: There are no apps to download, fees to upgrade or specific operating system requirements.
- Ease of Use: The platform is designed for user-friendly navigation.
- Data Protection: All data is encrypted and password-protected, reinforcing the security of sensitive information.
- Real-time Confirmation: The system provides real-time confirmation of message retrieval.
- Controlled Access: Access to ePHI is controlled and time-specific.
PatientCalls recognizes individual healthcare office needs and protocols, acting as a virtual medical receptionist. The system effectively manages incoming calls, forwarding them or relaying messages based on the specified protocol.
Moreover, PatientNote facilitates healthcare staff coordination, assisting with logistical requirements and delivering time-sensitive information. By providing instant notifications to on-call staff, immediate dispatching, ‘out of office’ forwarding, home healthcare logistics, call-to-action relay, and appointment reminders, this system enhances overall patient care.
Most importantly, PatientNote guarantees security and HIPAA compliance. It connects directly to the PatientCalls CMR and is designed to safeguard patient privacy and protect health information. Unlike standard text messaging, email, or other mobile apps, PatientNote eradicates the risk of HIPAA violations and associated penalties for non-compliance, making it a reliable option for secure healthcare communication.
Health IT Security, Fred Donovan; “Secure Texting Becoming 1st Choice for Sending Healthcare Data,” June 2018.
HIPAA Journal, “HIPAA Regulations for SMS: Most SMS Messages are Not HIPAA Compliant,” February 2016.