Texting has become a routine means of communication for most mobile phone users, including physicians. Approximately three-quarters of clinicians use texting to exchange work information with other clinicians (see Frost and Sullivan 2011). The quickness and availability of text messaging are obviously appealing to a busy physician.
Due to the HIPAA Privacy and Security Rules, texting presents many compliance issues. Standard text messaging is not secure and should never be used to exchange patient information.
Secure text messaging can be done within the HIPAA regulations, but there are things to consider (Adam Greene April 2012):
- Password protection and encryption. Check with the vendor regarding the security of the mobile device.
- Policy regarding what patient information, if any, will be shared.
- Immediate deletion of all texts regarding patient information to reduce the possibility of unauthorized third-party exposure.
- Ability to remotely wipe the mobile device in case of theft.
- Usage of texting must be disclosed in the Notice of Privacy Practices.
- Documentation of texted information in the patient’s record if the shared information affects the patient’s care. The patient must be able to request amendment of their record, according to the Privacy Rule.
- Business associate agreement with the mobile device carrier if text information is stored on a server on a routine basis or sent via email.
- Immediate disclosure of a security breach and corrective action within 30 days.
Significant civil and criminal penalties are associated with HIPAA violations regarding the exchange of e-PHI, including large fines, loss of licensure and even imprisonment. To avoid these possible penalties, make sure your mobile phone usage is in compliance with the HIPAA Privacy and Security Rules.