Healthcare News & Insights

Compliant physician texting in a HIPAA compliant healthcare environment

A breakdown in communication could be tied to more than 60% of all reported sentinel events in 2011, according to The Joint Commission (TJC). That’s a lot of unnecessary deaths or serious injuries that better communication could prevent.

That’s part of the reason why providers have become more and more tech savvy when communicating with each other and their patients. In recent years, that’s included the use of text messages.

Text messaging is fast and direct, and can thwart unnecessary or prolonged conversation. The problem: text messages may violate privacy laws.

Effective communication tool

A Robert Wood Johnson Foundation study found that nurses waste as much as 60 minutes of each work day tracking down physicians for a response. Now, contemplate how many nurses are at your facility alone, and you’ll get a good idea of all the wasted time and added labor costs these delays have caused across the entire healthcare system.

The problem is that text messaging, for the most part, is nonsecure and noncompliant with HIPAA. Messages containing electronic protected health information (ePHI) can be sent to the wrong person very easily. Studies have shown that 38% of people who text have sent a text message to the wrong person.

Text messages also can:

  • be read by anyone
  • be forwarded to anyone
  • remain unencrypted, and
  • stay forever on the sender’s and receiver’s phones.

Due to the above facts, TJC banned physicians from using traditional text messaging for any communication that contains ePHI or includes an order for a patient to a hospital or other healthcare setting, according to the article, Healthcare Texting in a HIPAA-Compliant Environment. A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can lead to $1.5 million in fines in a single year.

HIPAA-compliant texting

But TJC didn’t ban all text messaging. Rather, it established Administrative Simplification Provisions (AS) that serve as guidelines for developing secure communication systems. Under these guidelines, the following four areas are critical to compliance:

  • Secure data centers — Healthcare organizations typically store patient information in either onsite or offsite (cloud) data centers. HIPAA requires these centers to have a high level of physical security, as well as policies for reviewing controls and conducting risk assessment on an ongoing basis.
  • Encryption — AS stipulates that ePHI must be encrypted both in transit and at rest.
  • Recipient authentication — Any communication containing ePHI must also be delivered only to its intended recipient. A texting solution should allow the sender to know if, when, and to whom a message has been delivered.
  • Audit controls — Any compliant messaging system must also have the ability to create and record an audit trail of all activity that contains ePHI. This includes the ability to archive messages and information about them, to retrieve that information quickly and to monitor the system.

By using a private, secure texting network, doctors, nurses and staff can send and receive patient information.

Remember: Providers’ phones should be treated the same as any other portable electronic device that stores PHI.

