In recent years, text messaging has made communication easier and more convenient for people generally, even in many business spheres. Some healthcare professionals have adopted mobile phones to send and receive electronic protected health information (ePHI), and this has raised the question among many healthcare organizations and professionals of whether texting is HIPAA compliant.
First of all, HIPAA doesn’t explicitly ban the use of text messages. However, if care is not taken, using this mode of communication will in many instances violate HIPAA.
But not to worry, you can still use short message service without infringing HIPAA, so long as you keep the objective of the Act in mind.
And what does it mean to comply with HIPAA in texting? Simply put, it means guarding the patient’s privacy and personal health information, and this must be followed to the letter, especially when the text message content includes the patient’s protected health information (PHI).
So, if you want to start texting in your health organization without breaking the rules of HIPAA, then you should continue reading this piece. The following provides detailed information on HIPAA Compliance in Texting.
But then, what is HIPAA?
Let’s take it gradually. We don’t want to assume you already know what HIPAA stands for and what it is. If you’re not sure, here it is:
HIPAA stands for “Health Insurance Portability and Accountability Act”, which was established in 1996. It is a national law that calls for a federal standard to protect sensitive patient health information from being shared with a third party or the public without the consent of the patient.
It was created to safeguard the patient’s privacy and protected health information (PHI). The main goal of HIPAA is to ensure that a patient’s medical information is well secured without any privacy breach, even when it is handled by electronic means, for example, when sending or receiving text messages.
Text messages that contain the patient’s protected health information must follow the required patient privacy and security rules. These messages are to be stored securely and encrypted even while in transit. A patient’s PHI (protected health information) includes health status, first and last name, address, provision of or payment for healthcare, birthday, etc.
The Rules Of HIPAA In Texting
HIPAA does not have an explicitly spelled-out rule for texting; it does, however, have security rules and privacy rules that outline specific procedures that apply to all electronic communication across the healthcare industry.
Under the HIPAA privacy rules, any text message containing a patient’s protected health information (PHI) must be sent through a secure messaging system. This rule applies to health plan providers (including employers and insurers), healthcare clearinghouses (including brokers and administrators), and any organization or healthcare professional that handles patients’ protected health information.
Text messages that contain a patient’s protected health information must be encrypted. HIPAA-compliant text messages need to be encrypted and stored securely in a database. When PHI is transmitted through an open cell network, the sender has breached the HIPAA rules regarding electronic communication in the health industry and would face civil legal action.
Why Must You Send HIPAA-compliant Texts?
Traditional text messaging is not a secure means of communication, as messages pass through various carriers and are stored on their servers. These text messages are often not encrypted, and most mobile phones don’t even have solid password protection. For instance, a text message sent while the phone is not in use is saved automatically on the recipient’s phone, and its content is exposed to anyone who has access to the phone.
Moreover, if the patient loses his or her phone or it gets stolen, protected health information stored on the device becomes accessible to a third party, who can use it for identity theft.
Hence, ensuring you send HIPAA-compliant text messages is important because violation of these rules comes with severe consequences and penalties (although these vary based on the rate or level of violation).
How To Make Your Texts HIPAA-compliant
One of the best ways to ensure that your texts comply with HIPAA regulations is not to have a patient’s personal identifier in your message content.
That is, send patients prescription reminders without including any protected health information, or send appointment reminders without including the patient’s name, the reason for the appointment, the medicine they are to use, etc.
The instances when sending a patient’s protected health information is allowed include:
- Cases where the healthcare organization has cautioned the patient about the risk of unauthorized disclosure and has a well-written and documented agreement showing the patient’s consent to communicate PHI via texts. In such cases, texting protected health information is allowed by HIPAA.
- Some extreme cases, such as natural disasters like earthquakes or the recent COVID-19 health emergency, where there can be an exception to HIPAA compliance rules for text messages for healthcare providers.
Furthermore, communication in the healthcare industry goes beyond healthcare professionals and patients. Texting can be used for interoffice communication, for example, to notify staff in the organization about a change in schedule or any other information you want to pass along. HIPAA rules of confidentiality must not be ignored in this case either.
In all, avoid the common texting mistakes that can get you penalized for violating HIPAA regulations, such as sending messages to the wrong contact, giving the wrong employees permission, texting patients who are yet to consent to text message communication, etc.
Texting is a good and easy way to stay connected and communicate with your patients. However, as a healthcare organization or professional, you must ensure that your text messages comply with the Health Insurance Portability and Accountability Act (HIPAA) standards in order not to get penalized for violating HIPAA regulations.
FAQ About HIPAA Compliance
When Is Texting HIPAA Compliant?
For a text message to comply with HIPAA standards, the sender and the recipient must be authorized users of a secure messaging system that ensures all messages are encrypted and gives access to transmit electronic protected health information when needed.
The messaging system’s administrators must ensure that it allows for auditing in compliance with HIPAA, and the system must also prevent authorized users from saving PHI shared through the platform on any storage device.