Is text messaging HIPAA compliant?

For many people, text messaging has replaced the art of real conversation. It’s easy and direct, and it saves users an abundance of time. This is also true in the health care environment, where text messaging has improved workflow and made communicating by pager and return calls obsolete. But the issue of text messaging and HIPAA compliancy has inspired much confusion. Is it HIPAA compliant or not?

Generally, SMS messaging is not encrypted or secure. Some wireless carriers store text messages, and with the use of public Wi-Fi and open cell phone networks, the potential exists for texted data to be compromised. In addition, sensitive information may fall into the wrong hands by way of malware, or a lost or stolen phone.

Thus, in order for texting to be used in health care, technical safeguards must be in place to ensure confidentiality, and maintain the integrity of protected health information (PHI). This is usually accomplished by establishing a private, secure texting network where all electronically-transmitted PHI is encrypted.

There are 5 necessary steps that covered entities can take to manage cell phones used by individuals working in the health care profession.

1. DECIDE whether mobile devices will be used to access, receive, transmit or store patients’ health information, and understand the various threats and vulnerabilities associated with their use.
2. ASSESS how mobile devices affect the risks to the patients’ health information your facility maintains by performing a risk analysis.
3. IDENTIFY the risk management strategy for your facility, and employ safeguards to ensure privacy.
4. DEVELOP, DOCUMENT and IMPLEMENT mobile device policies and procedures for your facility.
5. TRAIN staff on privacy and security awareness, discuss the facility’s policies and procedures, and ensure that everyone knows how to follow them.

Ultimately, the use of text messaging in health care is for the good of the patient. Essential data such as lab and imaging results can be at the providers’ fingertips, response times may be reduced, interventions can be applied more quickly, and patient outcomes will improve.

For more information on HIPAA, and how to ensure that your organization is HIPAA compliant, visit the U.S. Department of Health & Human Services.