The following is a guest blog post by Dr. Jose Barreau, CEO of Doc Halo.
For all the money they spend on state-of-the-art EMRs, compliance officers and other measures to ensure they’re protecting their patients’ medical information, many healthcare organizations have a gaping hole in their security.
Physicians and other clinicians are as apt as anyone to send a quick text to a colleague. Maybe an attending physician wants to ask a resident about test results or an office worker needs to pass along a patient’s question.
But standard SMS text messages are not HIPAA compliant. Communicating protected health information in this way could compromise patient privacy and expose your organization to substantial fines.
That’s not to say doctors shouldn’t text. Because of its instantaneous nature, mobile messaging can improve efficiency and quality of care. But healthcare providers should make sure they’re using a secure texting platform.
If you have a non-HIPAA-compliant texting habit, you’re in good company. In research last year, nearly 60 percent of physicians at children’s hospitals said they sent or received text messages for work.
It’s easy to view text messages as “off the record.” Chances are they aren’t going into an EMR, and there’s a sense that no one but the sender and recipient will see them.
But when you fire off a text, you don’t know where it will end up. Some of these text messages contain sensitive details of the diagnosis and treatment being discussed. Also, it’s hard to say whose servers the messages might be stored on, or for how long. When patients entrust healthcare providers to care for them, they expect their data to be cared for, too.
The Department of Health and Human Services certainly knows about the problem. Last year the agency told an Arizona physicians practice to address the issue in a risk-management plan. The group “must implement security measures sufficient to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device.”
Healthcare providers can text about their patients without violating HIPAA — but only with secure messaging technology. Here are features to look for in a healthcare texting solution:
- Encryption at all levels — database, transmission and on the app — with federally validated standards
- Tracking of whether messages have been delivered, with repeated pings to the user
- A secure private server that is backed up
- Remote mobile app wipe option if a phone is lost or stolen
- Automatic logout with inactivity
- Ability to work across all types of cellular data and Wi-Fi connections for broad coverage
- Limited data life — for example, 30 days — for messages
Patients benefit when their healthcare providers have quick and secure ways to stay in touch. A secure text messaging platform can help you to provide better care while avoiding HIPAA violations.
Doc Halo, a leading secure physician communication application, is a proud sponsor of the Healthcare Scene Blog Network.