The Doctor's Advocate
Read the most recent issue of our quarterly newsletter offering timely patient safety, legislative, and industry updates. Or sign up now for an e-mail subscription.

CME Courses
We are proud to offer our members convenient options for earning CME credits.

Recently Added Patient Safety Articles
Emergency Medicine Closed Claims Study

Anesthesia Closed Claims Study

Obstetrics Closed Claims Study

More...

My Rating:
    Rating:
      No votes

      Email
      Download PDF  

      Keys to Patient Safety

      To Text or Not to Text

      As the first medical professional liability insurer to establish a patient safety department, The Doctors Company remains the leader in developing innovative tools that can help you reduce risk and keep your patients safe.

      Texting is instantaneous, convenient, and direct. It makes pagers seem as outdated as carrier pigeons. Without appropriate safeguards, however, texting can lead to violations of the Health Insurance Portability and Accountability Act (HIPAA).

      Physicians are smartphone “super-users.” According to Manhattan Research, over 81 percent of physicians use a smartphone to communicate and access medical information. The attractions are obvious: Phone applications put libraries full of information at your fingertips, and drug alerts (such as PDR.net) are just a click away. Texting reduces the time waiting for colleagues to call back and may expedite patient care by sending and receiving critical lab results and other necessary patient data.

      Safeguard against HIPAA violations.
      The very convenience that makes texting so inviting may create privacy and security violations if messages containing protected health information (PHI) are not properly safeguarded. Text messages among colleagues should be encrypted and exchanged in a closed, secure network.

      However, according to a member survey conducted by the College of Healthcare Information Management Executives, 96.7 percent of those surveyed allowed physicians to text, and 57.6 percent of those surveyed did not use encryption software. The underlying reasons for poor compliance with encryption could be due to lack of technical knowledge or to avoid the inconvenience of sending a message to someone who may not be able to unencrypt it.

      With penalties starting at $50,000 per HIPAA violation, safeguarding texts should be of utmost priority. In addition to encrypting texts, consider installing autolock and remote wiping programs. Autolock will lock the device when it is not in use, and it requires a password to unlock it. Wiping programs can erase data, texts, and e-mail remotely. Both types of safeguards provide additional protection in the event a device is lost or stolen.

      Do not text orders. 
      On November 10, 2011, The Joint Commission noted that texting is not the same as a verbal order. Texting provides no method for recipients to verify the sender’s identity and no reasonable method for preserving or incorporating the original message into the medical record.

      Ensure accuracy to avoid liability concerns. 
      A cavalier attitude when composing a text message can also pose a legal risk. The informal nature of text messages may at times lead to using shorthand, which can increase miscommunication. Additionally, a deleted text is never fully deleted, and metadata (the “data behind the data”) is also producible in a lawsuit. It’s important to ensure accuracy, particularly when patient information is exchanged over text.

      Finally, texting cannot substitute for a dialogue with a colleague concerning a patient. If there is a critical matter or any doubt about the communication, pick up the phone.

      Take steps to protect your practice.
      Consider the following steps to safeguard your practice:

      • Enable encryption on your mobile device.
      • Have a texting policy that outlines the acceptable types of text communication and situations when a phone call is warranted.
      • Report to the practice’s privacy officer any incidents of lost devices or data breaches.
      • Install autolock and remote wiping programs to prevent lost devices from becoming data breaches.
      • Know your recipient, and double check the “send” field to prevent sending confidential information to the wrong person.
      • Avoid identifying patient details in texts.
      • Assume that your text can be viewed by anyone in close proximity to you.
      • Ensure the metadata retention policy of the device is consistent with the medical record retention policy, and/or in accordance with a legal preservation order.
      • Ensure that your system has a secure method to verify provider authorization.
      • When conducting your HIPAA risk analysis, include text message content and capability.

       

      By Julie Song, MPH, Patient Safety/Risk Management Account Executive, and Susan Shepard, MSN, RN, Director, Patient Safety Education.


      J8509 1/12


       

      The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each health care provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.