Some Thoughts on Text Messaging and HIPAA Compliance

As I give my seminars around the country, I am getting more and more questions about the HIPAA issues concerning the increasing use of text messaging. One seminar attendee asked about doctors texting orders to nurses rather than calling them in. Of course, other issues besides HIPAA arise when doing so. For example, does the doctor or the nurse enter the text order into the medical record? Does the doctor authenticate it promptly? Is greater risk inherent in a terse text message than in a phone call order during which the nurse can ask any necessary questions or provide updated information to the doctor to ensure that the order is proper? Is texting of orders permitted under the Medical Staff Bylaws?

HIPAA certainly does not prohibit texting. Much like anything else, HIPAA requires a risk analysis of the practice and the implementation of reasonable and appropriate security measures.

Among issues to consider when analyzing text messaging are the following:

  • Text messages can be very useful, such as by communicating important information when a telephone call or email would not be optimal, and may make workers more productive, such as by allowing them to send or receive a short text message to “check in” on a family member rather than engaging in a lengthy phone conversation.
  • Text messages’ immediate delivery gives them an advantage over some other means of communication.
  • Text messaging may be very distracting, such as during training sessions or meetings.
  • The devices used for texting may add significant operating expenses and create additional security concerns for your organization.
  • Using such devices while driving greatly increases the risk of an accident and is against the law in many jurisdictions.
  • These devices can store tremendous amounts of data. The average mobile phone, for example, can store up to 6,000 Microsoft Word™ documents. Thus, many text messages may be stored.
  • The devices used to text are easily lost.
  • Texting transmissions using these devices can be intercepted or forwarded to unauthorized recipients.
  • Often, text messages start out as casual, non-work-related messages but evolve into work-related messages about patient care.
  • The text messages may remain with the service provider even if the sender or recipient or both delete the message.
  • Don’t think that the plaintiff malpractice attorneys aren’t going to subpoena all of the text messages of clinicians involved in the alleged malpractice incident.
  • These devices pose a great risk of loss, theft, or other compromise of protected health information (“PHI”) and other sensitive data.
  • The U.S. Supreme Court has ruled that employers have the right to search through text messages, including personal ones, sent by workers on employer-issued devices if they have reason to believe that workplace rules are being violated.
  • A total ban on texting is very difficult to enforce. You cannot control texting that workforce members do after work. You should consider banning texting of PHI on personal devices except in emergencies. Rather, texting should be done on devices that you issue and on which you have installed proper security measures.
  • You must plan for deleting text messages pursuant to your Destruction Policy. Again, note, however, that the text messages may remain with the text message service provider even if the sender or the recipient or both delete the messages.

Premium Members may wish to consider the newly posted Sample Text Messaging Policy.

Posted on October 27th, 2011, in: HIPAA Compliance Blog