Texting is instantaneous, convenient, and direct. It makes pagers seem as outdated as carrier pigeons. Without appropriate safeguards, however, texting can lead to violations of the Health Insurance Portability and Accountability Act (HIPAA).
Physicians have embraced smartphone technology, with the vast majority using smartphones to communicate and to access medical information. The attractions are obvious: Phone applications put libraries full of information at users' fingertips, and drug alerts (such as PDR.net) are just a click away. Texting reduces the time waiting for colleagues to call back and may expedite patient care by facilitating the exchange of critical lab results and other necessary patient data.
The very convenience that makes texting so inviting may create privacy and security violations if messages containing protected health information (PHI) are not properly safeguarded. Text messages among colleagues should be encrypted and exchanged in a closed, secure network.
However, according to a member survey by the College of Healthcare Information Management Executives, 96.7 percent of those surveyed allowed physicians to text, and 57.6 percent of those organizations surveyed did not use encryption software. The underlying reason for poor compliance with encryption could be the lack of technical knowledge or a desire to avoid the inconvenience of sending a message to someone who may not be able to unencrypt it.1
With penalties up to $50,000 per HIPAA violation, safeguarding texts should be of utmost priority. In addition to encrypting texts, consider installing autolock and remote wiping programs. Autolock will secure a device when it is not in use and requires a password to unlock it. Wiping programs can erase data, texts, and e-mail remotely. Both types of safeguards provide additional protection in the event a device is lost or stolen.
In December 2016, The Joint Commission issued a clarification regarding the use of secure text messaging for patient care orders.2 The recommendations, developed in collaboration with the Centers for Medicare and Medicaid Services, include the following:
Shorthand and abbreviations are commonly used in text messaging. The informal nature of text messages can increase the chances of miscommunication. It is important to ensure accuracy, particularly when patient information is exchanged over text. Additionally, deleted text messages can be retrieved, and metadata (the data behind the data) is also producible in a lawsuit.
Finally, texting cannot substitute for a dialogue with a colleague concerning a patient. If there is a critical matter or any doubt about the communication, it’s best to pick up the phone.
Consider the following steps to safeguard your practice:
The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.