Updated Sample Text Messaging Policy Now Available on Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes


More and more covered entities are using text messaging to communicate either among clinicians or with consumers. Text messaging has benefits. By using a private, secure texting network, doctors, nurses, and staff can not only send and receive patient information, but also potentially achieve the following goals:

  • Shorten response times.
  • Improve the accuracy of decision making by having better and more timely information.
  • Allow multiple parties involved with clinical decision making to be looped in on the same message.
  • Allow for quicker interventions and improve patient outcomes.
  • Communicate laboratory and diagnostic imaging results, patient treatments, and medical histories, allowing the clinician to have more information readily available.
  • Speed up on-call notifications.
  • Eliminate the delay and inefficiency of callbacks.
  • Integrate with scheduling systems to create automatic notifications of pending events.

Text messaging, however, has other security risks aside from the risk of being stored on and transmitted over cell phones and other portable devices, including the following:

  • Messages containing electronic protected health information (“EPHI”) can be read by anyone, forwarded to anyone, remain unencrypted on telecommunication providers’ servers, and stay forever on sender’s and receiver’s phones.
  • In addition, senders cannot authenticate the recipient of text messages―that is, senders cannot be certain that the message has been sent to and opened by the right person. Studies have shown that 38 percent of people who text have sent a text message to the wrong person.

Because of HIPAA security and privacy concerns, the Joint Commission on Accreditation of Healthcare Organizations has effectively banned physicians from using traditional SMS for any communication that contains EPHI data or includes an order for a patient to a hospital or other health care setting.

Nonetheless, covered entities that need not be accredited by the Joint Commission may want to use text messaging for the reasons detailed above. And HIPAA, contrary to what some consultants say, does not prohibit text messaging. It is like any other technology—that is, you must do a risk analysis of it and implement reasonable and appropriate security measures.

Although I have previously written sample portable device and cell phone policies, I recently updated one specific to text messaging security that is now available on the Premium Membership section of the Veterans Press website.

Also, again, as a reminder, if you bought the HIPAA Compliance Library that includes my 5th edition of the Compliance Guide to HIPAA and the DHHS Regulations, you received with it a one-year free subscription to the Premium Member section. If you need help setting up your account to access the Premium Member section or want to arrange to buy a one-year subscription, please call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com.

seo by: k.c. seo