Secure text messaging for healthcare has replaced pagers as a primary means of communication for physicians and nurses. Yet use of these mobile technologies is putting hospitals, practices and other healthcare organizations at risk for severe HIPAA penalties and costly remediations.
Integrating new secure text messaging within the healthcare workspace and the clinical workflow comes with numerous risks and challenges. Securing protected health information is crucial—and required by privacy and security rules asserted under the Health Insurance Portability and Accountability (HIPAA) Act and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
According to the U.S. Department of Health and Human Services, the following are leading causes of HIPAA violations in the healthcare setting:
Text messaging by itself does not violate HIPAA. Violations occur when text messaging is not secure and does not adhere to HIPAA guidelines that are designed to protect a patient’s healthcare information. If a text message includes protected health information, such as a patient’s status or test results, it must be secure, encrypted and compliant with HIPAA and HITECH requirements.
Messaging apps such as Facebook Messenger, WhatsApp and GChat are not HIPAA secure messaging platforms and should not be used to communicate information about a patient’s healthcare. They lack adequate protections to ensure patient privacy and put healthcare professionals, their patients and their organizations at risk for data breaches, security hacks and HIPAA violations.
The Joint Commission in April 2016 reversed its prohibition against texting orders for patient care, treatment, or services. Prescribers may now text such orders to the hospital or other health care settings “as long as a secure text messaging platform is used and the required components of an order are included,” the accreditor stated.
Clinicians must still adhere to Medication Management Standard MM.04.01.01, of course. In addition, the text messaging application must feature the following, the Joint Commission stated:
If your text messages include protected health information (PHI) you must treat them as you would any other document, email or transmission that contains PHI:
Improper treatment of sensitive patient data confirms the necessity of a secure text messaging system for sharing and storing PHI within the clinical environment.
But beware. A texting solution deemed “HIPAA compliant” may not address the tremendous need to enhance productivity through the use of secure text messaging technologies within the clinical environment. Organizations seeking merely to guard against privacy and security violations should be mindful that no secure messaging tool is “HIPAA-compliant” in and of itself; rather, it is the appropriate use of and macro processes surrounding such tools that enable a real path to HIPAA compliance in the healthcare setting.
Communicating efficiently with other providers and patients is critical to delivering high-quality patient care. Timely interactions enable physicians and clinicians to more effectively collaborate on their patient’s needs. Further, effective communications enable smooth transitions between care settings and create opportunities to engage patients and their caregivers in care delivery and post-discharge care management.
DrFirst’s HIPAA-compliant secure text messaging solution, Backline®, is designed to facilitate immediate communication among healthcare colleagues regarding patient care in progress.
This secure chat platform is accessible via web, mobile device (including on iPhone or Android mobile devices) and supports WiFi and 3G/4G to ensure connectivity from virtually any location. It allows authorized users to communicate in a variety of customizable forums, including one-on-one private chats as well as multi-participant chats within or across medical disciplines.