Texts have become quite the popular means of communication. It is now common for optometrists and even some general practitioners to send text messages regarding appointments. Though text messages are certainly an efficient technology, they also have the potential to violate HIPAA rules. Here’s an explanation from I.T. services experts in Springfield, MO about how texts pose a threat to remaining compliant with HIPAA:
How Texts are a Threat to HIPAA Compliance
Regular text messages are not encrypted. This lack of protection makes data that much vulnerable to evildoers’ attempts to access the system. There is no control over what happens after you send a text message. You do not know if another party intercepts it or if it is received by the intended recipient. Furthermore, documentation must be made in each patient’s unique medical record. This is awfully difficult to accomplish with text messages.
It is quite surprising to learn HIPAA laws do not have language pertaining to the transmission of sensitive information through text message. Nor does the Office for Civil Rights (OCR) have rules for such data. It is the duty of the healthcare provider to guarantee the security of the information contained in the text message. This party is also responsible to ensure it is the patient who actually receives the text message. Such an onus is a bit concerning, considering the number of medical providers who are making the transition to communicate via text message rather than phone call.
Why SMS Text Messages are Risky
Short message service (SMS) texts have the potential to be intercepted en route to the recipient. This is precisely why it is not prudent to use SMS messages for communication in a healthcare environment. Data transmitted through text might not be stored properly. It might even be mistakenly deleted. Documentation is essential when anything involving medical records occurs.
Surveys show the majority of medical professionals do not believe medical information should be transmitted through text message. Only 40% of those surveyed indicate sending medical data through text is acceptable if it is encrypted. However, texting is extremely convenient.
HIPAA Policies of Note
Patient approval is necessary to transmit any medical-related data by text message. Texts should be made as secure as possible with the use of encryption, security risk analysis, intentional limitations to the sharing of data and a regular updating of the waivers and release forms. Such forms will ensure your staff knows exactly how each patient would like to be communicated with.
An I.T. services provider in Springfield, MO can solve your tech and compliance woes. At JMARK Business Solutions, we provide everything, from outsourced help desk support to mobile device management, cloud computing, data backup management and many more. Contact us now for more information.