Text Messaging Featured Article

Text messaging has become an increasingly effective way for people and businesses to communicate. Considering how many people use text-enabled cell phones or smartphones these days, getting in touch with someone fast and efficiently often means shooting them a text message. It’s direct and convenient, and more and more industries are discovering its usefulness. Some communities have adopted text messaging as a way to deliver emergency broadcast information to citizens, and it was even recently reported that automated text message reminders from healthcare services actually improved the health condition of diabetic patients.

In a field like healthcare, where time is often critical to a patient’s recovery, having a quick and seamless way for doctors and other medical professionals to transfer information, like text messaging, seems like a no-brainer. Most people carry their phones on them at all times anyway. But there are drawbacks to text messaging that have hindered its successful integration into the healthcare industry. Namely, it is not secure and, therefore, ultimately noncompliant with safety and privacy regulations under the Health Information Portability and Accountability Act (HIPAA) Security Rule, which establishes national standards for the confidentiality of electronic protected health information (ePHI).

Despite being sent to a specific phone number, traditional text messages can in theory be viewed by anyone with access to that phone, and there is nothing to stop the recipient from sharing that information with others. What’s more, text messages are not encrypted, and can remain indefinitely on the servers of phone providers, as well as on the phones of both senders and recipients. In other words, sending sensitive information via text message is risky, and as such, under HIPAA, regular text messaging has been effectively banned in the medical field. Healthcare professionals cannot exchange any kind of patient information, including ePHI, via text message without facing hefty violation fines—$50,000 for the first offense, which could creep to over $1 million for repeated violations.

What’s frightening here is that a seemingly innocuous exchange of information, such as what hospital a patient is moving to or when, could result in an unintended violation of HIPAA. So how do hospitals and medical facilities protect themselves, their employees and their patients? Voalte recently published a white paper, titled “5 Steps to HIPAA-Compliant Texting,” to help healthcare organizations realize the huge benefits of text messaging while safeguarding private and sensitive medical information. The five steps to ensuring confidentiality of ePHI, outlined by the white paper, are as follows:

1. Encrypt sent, received and stored data to prevent non-authorized users from accessing private information.
2. Require a user ID and password to log in to mobile devices.
3. Manage smartphones remotely with mobile device management software to retain control even if a smartphone is lost.
4. Lock and securely store smartphones when they are not in use.
5. Perform a thorough risk analysis and develop an appropriate strategy that promotes HIPAA compliance.

The white paper also recommends that hospitals invest in a robust and thorough security policy with its IT department in order to protect ePHI and maintain HIPAA compliance. With smartphones taking over the population at large, having medical workers use their phones on the job or even just on premises is inevitable. It’s key that organizations make an effort to protect themselves and their patients through HIPAA text message compliance. Those that do will avoid violations, and reap the benefits of speedy and effective communication in the workplace.