Doctors send text messages just like everyone else, and the convenience of the medium has had a significant impact on workflow. However, health systems need to be mindful of HIPAA compliance as consumer technology bleeds into the workplace. A study by Infinite Convergence Solutions finds that only 1 in 4 healthcare institutions that have a mobile messaging platform are using an internal app, while the rest are using regular consumer apps, which lack the security required to protect patient information.
Premier blogger Beth Wooster indicates that the HIPAA rules apply to healthcare workers, insurance providers, employers who provide health insurance for their employees, and third-party providers to the healthcare industry.
The relevant points of the HIPAA Security Rule require that:
- Access to Personal Health Information (PHI) must be limited to authorized users who require the information to do their jobs.
- A system must be implemented to monitor the activity of authorized users when accessing PHI.
- Those with authorization to access PHI must authenticate their identities with a unique, centrally-issued username and PIN.
- Policies and procedures must be introduced to prevent PHI from being inappropriately altered or destroyed.
- Data transmitted beyond an organization’s internal firewall should be encrypted to make it unusable if it is intercepted in transit.
Many texting platforms fail to meet any of these requirements, so health systems need to adopt secure messaging platforms now that texting has become an important part of the workplace.
This article outlines some of the penalties for texting in violation of HIPAA.