Safe Texting in HealthCare: Do’s & Dont’s
Texting is the most popular feature of a smartphone and 97% of Americans sent texts to their friends and family because texting is easy, quick and an effective method to communicate. However, texting is considered as an unsafe method of communication for healthcare purposes. In the healthcare world there are many rules that govern this form of communication.
The privacy and security rule of HIPAA/HITECH covers communication of electronic protected health information (ePHI) that includes social media, email and text messages. For example, the nurses at a nursing facility sent patient information to the medical providers through a text message. Though there was no evidence that an unauthorized person viewed the messages, CMS chalked out a ten point remediation plan to train staff and appoint a HIPAA security officer and change the HIPAA policies and procedures of the nursing facility.
Immediate action was taken by CMS because texting creates a record, unlike a telephone call. In a telephone call, it is easier to know that you are communicating to the right person. While texting sensitive patient information is not at zero risk, because at least one third of people who have text their medical information to public surveys say that they have sent it to the wrong person by mistake. Further, HIPAA/HITECH privacy violation rules can charge fines up to $50,000. It is advisable to avoid the tendency to text patient information to a colleague for a quick patient consultation.
HIPAA Compliant Texting
Even though texting has many downsides, a secure mobile messaging compliant with HIPAA can be used with the following rules:
- Secure data centers – Offsite or onsite data centers must adhere to high levels of physical security and policies. This is to control and conduct continuous risk evaluation for data exchange through texts.
- Encryption – ePHI must be encrypted both in transit and at rest.
- Recipient authentication – Confirmation that text communication containing ePHI goes only to the intended recipient
- Audit controls – The ePHI message must be automatically recorded and it should be available for any type of audit such as sender, receiver, content, etc.
The volume of text messages indicates the preference for all to follow this method of communication. The number of texts sent by American in 2008 was 1 trillion and the number of text sent by Americans last year was 1.92 which is almost the double. Therefore texting cannot be abandoned fully, but the HIPAA rules mentioned above can make it safer to send and receive patient information through texting.
Appointment and Wellness Reminders using Text message
It may be a practice in your clinic to send reminder texts to patients for appointments. There are statistical evidence that text reminders reduces the rate of patient no-show. HIPAA rules does not regulate communications that are not a part of ePHI.
Text reminders help patients to follow medication, healthcare and recommended lifestyle. Researchers point out that text reminder help patients with chronic disease to manage diabetes. It helps African Americans to take their medication for time, especially those suffering from high blood pressure. Reminder texts help people to exercise and maintain their physical activity levels. In addition to the above advantages, more research is required to find out more best practices in texting patients.
Secure texting for the above services are now made available by Healthcare vendors through simple apps that allow medical professionals and physicians to use texting within a HIPAA approved platform. Government agencies usually do not use these apps, so it is important to make sure that these apps are HIPAA compliant. If you wish to avail texting service using a third party secure texting platform check for the three guidelines that offer security to PHI: integrity, confidentiality and availability. Nowadays, more than 80% of medical clinics and physicians use EHRS to communication with patients. Electronic health record systems allow communication with patients through text or email over a secure patient portal that meet the Meaningful Use requirement.
Whichever method of electronic communication is used, train your staff at the medical clinic to never transfer ePHI over a non-secure mode to save yourself from being penalized.