Text Messaging and HIPAA Privacy: 

Text Messaging and HIPAA Privacy:

Before you send that text, stop and think. 

Using smartphones to manage your patient care can result in hefty HIPAA Privacy violations. Before sending out a text with sensitive information that is considered protected health information (PHI), there are steps to consider first.

Text messaging is not always safe and secure. That means bad actors can hack into smartphone’s operating systems and steal your data and information. This puts you and your patients at risk, and the Office for Civil Rights, which enforces HIPAA laws isn’t too forgiving. Fines can hit the millions, and being caught as the weak link who got hack can result in job termination.

Why? Healthcare organizations are a major target for data breaches because a single health record sells for hundreds of dollars on the dark web. Not only that, hackers are routinely making attempts to break into your connected devices, and smartphones.

Text messaging  is HIPAA compliant if you do the following:

  1. Secure the platform. Check with your IT department that your cell phones are secure. 
  1. Check your security policy and procedures. Your healthcare organization should have written steps to help prevent a data breach. Make sure you understand what is involved to remain cyber safe. Talk to your manager if you are unsure of the risks and how to be HIPAA compliant.
  1. Do a risk analysis. The IT security officer at your organization should do a risk analysis before allowing nurses and healthcare practitioners to use their cell phones for communicating with patients.
  1. Track data. Messages sent to patients should be tracked and documented and stored as part of a patient’s health record in order to be HIPAA compliant. 

There are cell phone texting solutions available for healthcare organizations. It is best practice to know which system is secure, how to remain compliant, and what to do in the event a smart phone is lost or stolen. If you don’t know, don’t send a text to a patient before speaking to management about safe cybersecurity best practices.