A Solution to Medical Professional Texting And HIPAA Compliance


By: J. Scott Rees
Everyone texts today – your kids, your friends, your doctors.  With electronic health records (EHR) going from a trend to the mandated standard, digital and electronic technologies have become fully integrated into nearly every aspect of the field of medicine.  Medicine is not just the equipment that is used, the tests that are done, the medications that are provided.  Also critical to the medical practice is communication and storage of information.  Texting is particularly useful in the fast paced and information rich world of medicine.  For a physician on call, a text can be more efficient than a call and provide an incredible amount of necessary information.  Texts can also be useful in communicating with patients – reminders of appointments, lab results, and care plans.  This type of simple prompt or reminder may be very important in helping maintain a patient’s health.
The problem, however, is that traditional text messaging is not compliant with the requirements for transmitting ePHI (electronic private health information) under the HIPAA Privacy Rule.  Traditional text messages are not encrypted, the data banks where the information is actually stored are not particularly secure, there is no way to verify receipt of the text by the intended party, and spotty archiving can make an information audit nearly impossible.  That means that outside of transmitting the most basic information, traditional texting is not a safe or even legal option—especially not when the fees for violation can be as much as $50,000 for unsecured communication.
Where there is a need, there is typically a solution; HIPAA compliant text messaging is no different.  Companies like Mediprocity and others have developed services that are specifically tailored to the needs of medical professionals and are designed to allow you to communicate via text messaging in a way that is fully compliant.  Many of these services are more than just texting solutions, rather they involved solutions for faxing, emailing, and other social media outlets.  They integrate with your electronic medical records (EMR), and allow you to attach files, send to multiple recipients, forward, etc.  This means that ePHI can be kept within a closed loop of your EMR system and your compliant communication system.  All your data is secure and is shared easily without any fear of straying outside of compliance.
The services typically require you download an app to your phone and/or tablet, and they often offer a web based version as well for using the service from your desktop or laptop.  So this means that you have access across all of your devices to a single, unified method of communication that works seamlessly with your compliant EMR system to keep you protected whether you are sending or receiving ePHI.
Given the potential cost of HIPAA non-compliance, coupled with the efficiency and usefulness of text messaging, it would be worth looking into the various companies offering HIPAA text messaging solutions.