Look around your practice or facility’s waiting room. Are there patients reading texts on their phones? If they are looking at messages they have received from your provider, your office may be in violation of Health Insurance Portability and Accountability Act (HIPAA) regulations.
If you think about it, the same HIPAA rules that govern other forms of communication also regulate text messaging. So, with some understanding about the difference between texting, emailing, and writing, and a little bit of foresight, you can tweak your compliance program to make text messaging secure and useful for your patients.
First, it’s important to know the unique challenges texting presents to HIPAA rules. To do that, you need to understand how text messaging differs from other forms of communication:
Each of the differences outlined above represents a potential vulnerability or exposure of the patient’s electronic protected health information (ePHI), which includes, but is not limited to, a patient’s medical history, test results, insurance information, or information that can identify a patient.
Essentially, your practice needs to address any threats to revealing that information in a text to anyone other than the patient or a third party designated by that patient.
Once you have identified potential areas in your practice’s text communication practices that could result in a HIPAA violation, you will need to decide whether your practice will permit any form of text communication with patients and, if texting will be allowed, what protocols stakeholders will need to observe. You will also need to educate any stakeholders about those policies.
If you do decide to allow texting to patients in your practice, a good place to go when you are ready to draft your policy is the American Medical Association (AMA)’s Guidelines for Patient-Physician Electronic Mail and Text Messaging.
But here are three simple policies your practice can implement right away to bring your practice closer to HIPAA compliance:
Stay on top of evolving regulations, new technologies, and security threats with current, to-the-point guidance in your monthly subscription to Health Information Compliance Alert. In every issue, our experts tackle challenging security scenarios across the spectrum of health IT to keep you in the know, help you train your staff, and equip you to implement protocols to preserve the integrity of your practice.
Master HIPAA compliance with the industry’s best-selling handbook — the HIPAA Handbook 2019. Our nationally-recognized HIPAA compliance experts lay out best practices and walk you step-by-step through the dos and don’ts of compliance. We also address new target areas and introduce you to tools to nail down risk assessments, tighten up your EHR privacy and security, reassess your risk analysis plan, prep for audits, and more.