Jump to Navigation

When Texting, HIPAA Is the Acronym to Know

by: The Doctors Company
Published December 1, 2011

It’s immediate, useful, and direct. It makes pagers seem as outdated as carrier pigeons. But expedient as it is, texting colleagues may be a HIPAA violation.

With more than 85 percent of physicians using smartphones — more than twice the rate of the general public — physicians are smartphone “superusers.” Smartphones can pack libraries full of information into your pocket, instantly provide you with drug labeling alerts and CME (such as PDR.net), reduce time wasted waiting for colleagues to return calls, and facilitate the timely routing of patient care orders, critical lab results, and other patient data.

A few keystrokes and a click may be convenient, but may not be safe and legal. Texting raises HIPAA issues with significant consequences. Although a text message may start out without any protected health information (PHI), it can expand to include specific patient information, turning a simple text into a cause for legal concern. Texting PHI that is not properly safeguarded using encryption is a violation of federal privacy and security rules.

Is a text the same as a verbal order? No. The Joint Commission noted on Nov. 10 that because texting provides no method for recipients to verify the sender’s identity, and also no reasonable method for preserving or incorporating the original message into the medical record, texting is not the same as a verbal order. As with any communication over a network, be aware that text messages could also be discoverable in case of a malpractice claim.

Since texting represents potential risk, consider taking the following steps to protect your practice:

  • Enable encryption on your device.
  • Install auto lock and remote wiping programs to prevent lost phones from becoming data breaches.
  • Know your recipient and double-check the “send” field to prevent sending confidential information to the wrong person.
  • Avoid identifying details in texts.
  • Assume that your text can be viewed by anyone in the room with you.
  • Before using text orders, make sure that the order can be placed into the electronic record without using transcription.
  • Ensure that your system has a secure method to verify provider authorization.
  • When conducting your HIPAA risk analysis, include text message content and capability.
Read more about: December 2011 San Diego Physician, HIPAA, Managing Your Practice, Texting
About the author: SDCMS-endorsed The Doctors Company provides CyberGuard® as part of its core coverage, which protects members against regulatory and liability claims arising from the theft, loss, or accidental transmission of confidential patient or financial information, as well as the cost of data recovery. More information on other electronic tools can be found at www.thedoctors.com/erisk.

Find a Doctor

Search by specialty, location, health plans accepted, and more.