Posted by: adelvecchio
HIPAA, HIPAA compliance, secure messaging, texting
In this post I will be discussing how to create a secure balance between HIPAA and text messaging. Why text messaging? Texting allows your message to be delivered to patients regardless of the weather, reliability of the postal service, and patients who screen your phone calls. In a twist on traditional text messaging, information doesn’t need to be sent through a mobile phone, thanks to the various online short message services (SMS) available today. This presents healthcare providers the opportunity to send a short text message to their customers as appointment reminders, or with any other info related to their insurance plan.
Sending messages from mobile devices
In most cases, it is not appropriate to send text messages from mobile devices, unless:
- Messages are immediately deleted.
- There is a security code to access the cell phone that is sending the messages.
- Your cellular device is properly encrypted.
- Registered and traceable mobile devices are being used to send the messages.
Sending messages from the Web or desktop
Alternatively, you may decide to choose a text messaging service that is accessible from the Web. The considerations are similar: There should be a password required to access your account and the Internet connection in use should be encrypted. It is generally not recommended to use a “free SMS” service because often these types of services make money by selling information, which would be a severe breach of the HIPAA rules.
A significant percentage of issues regarding HIPAA and customers’ privacy have to do with lack of proper employee training. For example, I have interacted with healthcare providers that are using secure text messaging systems online, and have had their employees send text messages to patients via their personal cell phones. This mistake is likely triggered by their familiarity with texting from their mobile devices.
For reference, The Joint Commission says that it is unacceptable for physicians to text message orders for patients to a healthcare setting. However, this assumes that text messages are being sent from a mobile device. If you can verify the identity of the person sending the message, and keep the original message as validation of what was entered into the medical record, then communicating to patients’ cell phones is acceptable.
When in doubt, consult a trusted consultant who can properly guide you through HIPAA compliance.
Ben Bakhshi is the founder of Coordinato, an appointment reminder service. Ben comes from a technology background, and with Coordinato provides business solutions to healthcare providers.