LIVE Activity: Couples Counseling: Innovative Approaches to Sexual Intelligence See Details

Multicultural & Diversity Training for Compliance: How to Offer Culturally-Competent Care See Details

Healthcare text messaging, HIPAA Compliant Texting, texting in healthcare

Is HIPAA-Compliant Texting Necessary?

MARLENE MAHEU

November 28, 2022 | Reading Time: 4 Minutes
2,140

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Newer technologies have replaced pagers and faxes. Texts are the most frequently used, with as many as 23 billion texts being sent worldwide daily. This translates to 270,000 texts every second. Almost 58% of consumers report that texting is the best way to reach them quickly.

It is no wonder that healthcare practitioners are using text messages for a variety of reasons. One of the most comments, texts are successfully used to send clients and patients automated appointment reminders to reduce the number of no-shows. Patients are also empowered to cancel appointments and alert a provider or office that they will arrive late. Much appreciated by busy clients, text messages are increasingly being sent by providers or their offices when the practitioner is delayed, thereby avoiding the irritation of clients who show up on time but are forced to wait. Prescription reminders, re-ordering invoices, and delivery instructions are often exchanged with patients by text, reducing unwanted and uncollected prescriptions. 

Text messaging interventions are also becoming more common when working with people who are depressed or anxious, in patients with diabetes, overweight and obese women, harm reduction in college drinkers, and improve treatment-seeking behaviors in young people with early psychosis. The asynchronous nature of texting allows text messages to be sent to the intended recipient and read at the patient’s convenience. A fair amount of attention has also been paid to the risks and benefits of texting, such as texting while driving. As this technology grows, so should the knowledge base of clinicians who share protected health information with or about clients and patients via texting with patients. 

Risks of Text Messaging in Healthcare

Text messaging is a quick, efficient, and minimalist form of communication that gets to the point but leaves a written record of facts and other helpful information. Messages can be sent from one person to another or shared by a group. Links to webpages, music, art, photos, jokes, videos, and other digital information can easily be included. While there are many advantages to using text with and about patients, text messaging in healthcare poses risks that HIPAA addresses.

The most problematic form of text messaging is that embedded in new phones. Out of the box, most text messaging systems, such as iMessage, do not use end-to-end encryption, opening the door to messages being intercepted as they travel around the planet or across the room.

  • Embarrassing messages can be sent to the wrong party by clicking on the wrong name on one’s phone.
  • Messages intended for an individual can be accidentally sent to a group.
  • Phones can be lost, and if they are not password protected, access to past messages can be relatively easy for anyone finding the phone.
  • Messages can remain embedded in the sim card of a smartphone, or its circuitry, despite being deleted from the text messaging app itself.
  • Someone upgrading to a new smartphone can inadvertently forget to remove the sim card from the old phone when mailing it back to the manufacturer for a rebate.
  • These “slips” can create serious privacy risks for patients, as text messages containing PHI can easily be viewed by unauthorized individuals.

Text Messaging and HIPAA

HIPAA allows text messaging in healthcare, but there are rules. With Washington’s intense focus on cybersecurity, every clinician’s responsibility is to biome aware and compliant with all current requirements. In particular, the HIPAA Security Rule requires safeguards to be implemented to ensure the confidentiality, integrity, and availability of ePHI. 

  • Controls must be installed to ensure that unauthorized individuals cannot access PHI. 
  • Access controls are to be in place, and data must be encrypted at rest and in transit.
  • Controls must ensure that PHI cannot be altered or accidentally destroyed.
  • An audit trail must be maintained, and the activity of authorized individuals must be monitored.

At issue is that standard texting software lacks many, if not all, of these controls. Rather, in many text messaging apps that come with a smartphone or are downloaded from an app store, there typically:

  • Are no controls over where messages are sent
  • Messages can be intercepted en route because they are not encrypted
  • Messages can be stored on servers for long periods
  • Can be accessed by unauthorized individuals. 
  • Proper vetting of staff is often needed.
  • Many consumer-grade instant messaging platforms that advertise “end-to-end encryption” are not HIPAA compliant.

Legal & Ethical Text Messaging in Healthcare Environments

Every healthcare organization requires that its members follow its ethics code, and every code says that patient and client PHI must be protected by all involved clinicians. The only way to be assured that a text-messaging platform is HIPAA-compliant is to use one that advertises its services as HIPAA-compliant and gives the users a Business Associate Agreement. Also, search the “Terms and Conditions” file it the company’s website for the word “HIPAA.” If you don’t find it listed, chances are, the software is not appropriate for healthcare.

HIPAA-compliant platforms used for text messaging in healthcare are closed systems, thereby only allowing the sending of messages to and from other individuals authorized to use the platform. That means that both parties must log into the protected system for the connection to be protected. 

  • Access controls only allow authorized individuals to log in. 
  • All messages entering the system are protected with end-to-end encryption. 
  • Such platforms adhere to safeguards that prevent message tampering.
  • Processes are in place to ensure that in the event of the loss or theft of a mobile device, messages are protected and cannot be accessed by unauthorized individuals.

All healthcare providers must only use platforms that go through the added expense of incorporating technical safeguards to ensure the confidentiality, integrity, and data integrity of PHI as per the rigorous requirements of the HIPAA Security Rule. 

Advantages of Using HIPAA-Compliant Text Messaging in Healthcare

Although there is added expense, many healthcare organizations who have educated their care teams on the issues and adopted secure text messaging platforms have reported improvements. According to Donald Hilty and colleagues, benefits are notable but are also changing administrative workflows. In their 2020 journal article published in the Journal for Technology in Behavioral Science, the researchers conclude:

Asynchronous technologies improve access, reduce costs, and complement other care options. Health systems must appraise how to help individuals and interprofessional participants best interface with a wide range of technologies. This requires adjustments in clinical and administrative workflow. Research in measurable competency sets, implementation, and outcomes is needed.

Ethics of Texting: Do’s and Don’ts

Explore clinical, legal & ethical requirements for text messaging with clients & patients.

Read More

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Copy URL
Share On Facebook
Share On X
Share On Whatsapp
Share On Linkedin
Share Via Email

Please share your thoughts in the comment box below.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!

REGISTER

Telehealth.org Services


UPCOMING COURSE
Couples Counseling: Innovative Approaches to Sexual Intelligence

UPCOMING COURSE
Meeting Child Maltreatment Reporting Requirements: Telehealth Legal, Ethical & Clinical Strategies

UPCOMING COURSE
Multicultural, Diversity & Equity Training for Legal & Ethical Compliance

FEATURED COURSE
Therapist AI & ChatGPT: How to Use Legally & Ethically

FEATURED COURSE
3- Hour Essential Telehealth Law & Ethical Issues

BCTP® CERTIFICATE
Distinguish yourself as a certified telehealth professional with BCTP®-I, II or III.

CONSULTATION
Get pivotal guidance from industry leaders!

Advertisement


Cyber Attack Protection at a Reasonable Cost
No Extensive Application

Most Popular Topics

You May Also Like…