Should you Text (SMS) Physician’s patient information?
Texting to mobile devices has become a concern for many health care leaders. Loss or stolen mobile devices containing unsecured “personal health information (PHI)” has caused numerous reported breaches and enforcement actions in the past few years. Use of mobile devices for texting PHI poses a number of risks. Are you taking the chance of damaging your reputation or the loss of patient trust because of adequate safeguards?
This could happen to you: In 2012, the Massachusetts Eye and Ear Infirmary (MEEI) reached a $1.5 million agreement with HHS and agreed to a 3-‐year corrective action plan after an employee’s laptop containing unencrypted PHI was stolen. What if your employee lost their cell phone with text messages containing PHI?
Another possible risk is PHI could be intercepted by unauthorized persons. Telecommunications vendors or wireless carriers store texts containing PHI so you will need to execute a business associate agreement with that vendor.
So there is a solution to texting PHI to Physician mobile device.
Secure Messaging is the new technology for sending PHI to Physicians. The data is encrypted and the information is not stored on the device. You can create a circle like in Google and share messages with the members in your circle.
You need to evaluate the texting risks as part of the organization’s risk analysis. HIPAA risk analysis is the foundation for safeguarding electronic PHI. The risk strategy is to reduce leaks by implementing a risk management strategy. Failure to do a risk analysis is frequently cited as an alleged violation in OCR settlements and small organization are not exempt from the requirements.
So you have to make the decision if your organization will take the risk texting PHI to Physicians.
Just remember you do have an alternative by using Secure Messaging.