Texting is Not HIPAA Secure
By John Lynn
John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.
I previously posted the somewhat controversial post: Email is Not HIPAA Secure. It was an extremely important post and included 54 incredible comments discussing email security and email in how it relates to HIPAA. Today I want to discuss the security issues related to text (SMS) messages.
The Short Story Is: Texting (SMS) Is NOT HIPAA Secure
I recently did a focus group to discuss physician communication. At one point I asked how many of them use text messages to communicate with other doctors. All of them acknowledged that they used it and that they were using it more and more. I then asked how many sent PHI (protected health information) in the text messages that they sent. While the response wasn’t as strong likely because they knew it was a loaded question, they all acknowledged that PHI was sent by text message all of the time.
One doctor even commented, “They’re not going to put us all in jail.”
There is some validity to this comment. They’re not going to go around like an old school lynch mob putting physicians in jail because they sent some patient information in a text message. Although, that doesn’t mean that they couldn’t go around handing out hefty fines for HIPAA violations.
Let me be clear that there are secure text message platforms out there. I’ve actually been thinking about this quite a bit lately since I’ve been advising a local Vegas Tech iPhone app called docBeat that offers this secure text message functionality for free.
In fact, there are quite a few companies that are trying to provide this functionality. Although, I like docBeat because it offers a whole suite of Physician Communication Tools and not just secure text messaging. I think there’s value in a doctor only to have to go to one place for all their communication needs. In a future post, I’ll do a full write up on what docBeat’s offering physicians.
At some point, I think doctors are going to turn the corner and realize that the standard SMS text messaging service that every cell phone has these days is not the right way to communicate. Besides the fact that standard text messaging isn’t secured, it’s also stored forever on the server of your cell phone service provider. Most doctors likely haven’t thought that everything they’ve sent over text could be brought back to haunt them forever.
Other problems with standard text messaging is that you don’t really know what happens with the text message once its sent. Did the text message actually send? Did the person you sent the text message actually receive it? If they received the text message have they read it?
The great thing is that we all finally have realized the value of simple communication with a text message. Now we just need to move to these new secure text messaging platforms that solve the security, reliability and tracking issues with standard text messaging.
Semel Consulting works with Covered Entities, Business Associates, and Subcontractors to properly manage HIPAA compliance.
MIKE SEMEL | www.SemelConsulting.com