Text messaging is popular with physicians because it is convenient and fast. Text messaging to communicate clinical information among physicians represents a different set of health data security risks that needs to be managed appropriately.
Providers can implement the following seven security controls to handle the transfer of electronic patient health information between physicians via text messages:
1. An administrative policy prohibiting the texting of ePHI or limiting the type of information that may be shared via text message;
2. Workforce training on the appropriate use of work-related texting;
3. Password protection and encryption for mobile devices that create, receive or maintain text messages with ePHI;
4. An inventory of all mobile devices used for texting ePHI (whether provider-owned or personal devices);
5. A policy requiring annotation of the medical record with any ePHI that is received via text and is used to make a decision about a patient;
6. A policy setting forth a retention period or requiring immediate deletion of all texts that include ePHI;
7. Use of alternative technology, such as a vendor-supplied secure messaging application.
It is ultimately imperative to recognize both the value and risks of texting and to proactively address the issues.
More Articles on HIPAA:
HIMSS: Improved HIPAA Compliance Has Not Increased Data Security
Going "Social": Monitoring and Addressing HIPAA violations on Social Media
CMS to Hold Off Enforcement of HIPAA Version 5010 Standards Until March 2012
7 Ways to Make Physician Text Messages HIPAA CompliantWritten by Kathleen Roney | April 18, 2012
Under the HIPAA security rule, text messaging should be addressed as part of an organization's comprehensive risk analysis and management strategy, especially if text messages are used to make decisions about patient care, according to a report in the Journal of AHIMA.
© Copyright ASC COMMUNICATIONS 2011. Interested in LINKING to or REPRINTING this content? View our policies here.