HIPAA Summary

HIPAA Summary - SMS and Text Messaging in Health Care (HIPAA)

With the ubiquity of text messaging in today's world. Communication from health professionals is no exception, but is perhaps more tricky than one might think. Because of the HIPAA Privacy Rule, there are specific requirements for how medical professionals communicate with clients in order to protect their medical information. Can this be reconciled with the benefits of SMS that lead so many to prefer it?

HIPAA, or the Health Insurance Portability and Accountability Act, is perhaps best known for its Privacy Rule, which lays out a set of national standards that protect the privacy of personal health information, and affords patients rights over their own personal health information. One of the corollaries of the Rule is that communications between health professionals and their patients be encrypted and viewable only by the patient, so that private information remains private and only accessible to authorized parties.

Text messaging is widely trusted as a fairly reliable, secure means of communicating--and for many purposes, it is. It is used for many important conversations and functions without a hitch, even including making transactions, a major means of exchanging money in Kenya. However, it is not technically a secure, guaranteed private mode of communication, raising concerns for HIPAA.

Understanding how texts are sent is important to understanding the technical problems with SMS. SMS messages are sent by cell phone carriers. These text messages are not encrypted in transport, and they can be read by those working for carriers, meaning that SMS does not meet the standards of HIPAA's Privacy Rule. A similar messaging service, the iMessage, that is often used in lieu of texting among Apple users, carries similar concerns. While iMessages are encrypted in transport, unlike SMS, Apple states that the way it handles the messages as a carrier is still not compliant with HIPAA.

Despite these legal issues, patients and providers alike value the convenience and ease of text messaging to communicate health information. Surely, there must be a solution--and in fact, there are a few.

The most basic component of making texting HIPAA compliant is the use of message encryption and a secure server. This means that messages are sent from a secure server in which all information is stored locally, such that the cell phone carrier cannot keep copies of any information. Administrative controls and usage reports can be used to ensure that these measures lead to a secure, HIPAA-compliant use of SMS. This secure texting can be relegated to the receipt of sensitive health information, so that other texting and cell phone functions are not disrupted.

The concern still remains, however, that secure text messages may end up in the wrong hands, should a device be lost, stolen, or otherwise accessed by someone who isn't the patient. Secure text messages feature security measures and can be scheduled for remote deletion in the event that a patient reports a lost or stolen device, making access of private health information by unauthorized parties difficult. But perhaps more intensive measures need to be invented to keep security bulletproof when security measures and remote deletion may fail. The conversation on whether the encryption measures at hand are adequate deterrents to inappropriate access of sensitive information is long and inconclusive.

Another alternative to traditional SMS is applications that function very similarly to text messaging, but use similar measures to secure texting to ensure HIPAA compliance. NotePage, Inc. works with a number of these providers additional information can be found in the Integration Section on the NotePage website. While concerns about device access by someone not authorized to view the information still exist, the level of security used makes such applications a viable option for HIPAA-friendly messaging, especially for those wary of SMS.

Whether fully HIPAA-compliant texting is truly possible is the subject of much debate. However, it is certain that there are very secure SMS options and alternatives available for those who find themselves married to the ease and modernity of text messaging.

NotePage, Inc.
PO Box 296
Hanover, MA 02339