Medical Malpractice News

HIPAA Compliant Text Messaging for Medical Professionals

Tags: | Comments: 0 | May 8th, 2014

hipaa compliant text messagingTechnology and Compliance: Solutions for Physicians

It’s obvious to anyone in the industry that technology is playing a more significant role in the field of healthcare than ever before.  With electronic health records (EHR) going from a growing trend to the mandated standard, and everything that goes with that (i.e. ICD-10 compliance requirements, encryption standards, etc.) digital and electronic technologies have become fully integrated into nearly every aspect of the field of medicine.  It’s no longer just equipment we use to diagnose patients or manipulate data and material in the lab that utilizes the latest technological breakthroughs. It’s also the ways we communicate, keep and store records, and interface with patients, too.

That said, we also recognize that given the pace of change it can sometimes be difficult to keep up with the new tools that are available to us. In our next few posts, we will highlight some of the solutions that seem to be working well for those who have already implemented them.

HIPAA Compliant Text Messaging

Text messaging is a convenient way to communicate that it has become ubiquitous around the world.  When you simply need to communicate a piece of information without all the niceties and social graces of a full blown conversation, and without the hassle or formality of drafting an email, there is nothing that really compares.  Texting isn’t good for all types of communication, of course, but for many things, particularly in the fast paced, information rich world of medicine, it is ideal.  For instance, for an on-call doctor: a single text message is much more efficient than a call back and is much more information rich and specific than a pager buzz.  Likewise, a text to a patient letting them know that you have not received their lab results could be just the type of reminder that pushes patient compliance to the next level of efficiency for your practice.

The problem, however, is that traditional SMS text messaging is not compliant with the requirements for transmitting ePHI (electronic private health information) under the HIPAA Privacy Rule.  Traditional text messages are not encrypted, the data banks where the information is actually stored are not particularly secure, there is no way to verify reception of the text by the intended party, and spotty archiving can make an information audit nearly impossible.  That means that outside of transmitting the most basic information (a generic reminder to take a daily medicine or a notice that you are needed in a particular room) regular SMS texting is not a safe or even legal option—particularly not when the fees for violation can be as much as $50,000 per unsecured communication.

And, that is where HIPAA compliant text messaging solutions come in.

Companies like Mediprocity and others have developed services that are specifically tailored to the needs of doctors and designed to allow you to communicate via text messaging in a way that is fully compliant.  Many of these services are more than simple texting, designed to fulfill the roles filled previously by faxing, texting, emailing, and other social media outlets.  They integrate with your electronic medical records, and allow you to attach files, send to multiple recipients, forward, etc.  This means that ePHI can be kept within a closed loop of your EMR (electronic medical records) system and your compliant communication system.  All your data is secure and is shared easily without any fear of straying outside of compliance.

Most of these types of systems are very simple to install—you typically download an app to your phone and/or tablet, and they often have a web based version as well for using the service from your desktop or laptop.  So this means that you have access across all your devices to a single, unified method of communication that works harmoniously with your compliant EMR system to keep you protected whether you are sending or receiving ePHI.

Finally, the really nice thing about these systems is that they are typically not expensive.  They’re subscription based and tend to be within the realm of what you would expect to spend on a cable package or a cellular plan depending on the number of users you need.  Given the protection they offer and the simplicity of communication and data exchange they provide this strikes us as pretty much a bargain.  But if that isn’t enough some brokers have actually started offering subscriptions to these services to their clients free as a benefit.

If you have experience using one of these systems, we’d be happy to hear about your experience in the comments section below or on one of our social media outlets.

This post was written by Justin Donathan.
Justin at Google+

Coming up in the series, we’ll introduce you to electronic check-in systems and how, as technology gets “smarter,” they are used to do more than just add a patient’s name on a list.  We’ll also explore the growing role of patient portals and how they are being used to further patient compliance and get patients more involved in understanding and managing their own care.