7 Ways to Secure Physician Text Messages

Text messaging to communicate clinical information among physicians represents a different set of health data security risks that needs to be managed appropriately, according to a report in the Journal of AHIMA.

Text messaging is popular with physicians because it is convenient and fast. Under the HIPAA security rule, text messaging should be addressed as part of an organization's comprehensive risk analysis and management strategy, especially if text messages are used to make decisions about patient care.

Providers can implement the following seven security controls to handle the transfer of electronic patient health information between physicians via text messages:

1. An administrative policy prohibiting the texting of ePHI or limiting the type of information that may be shared via text message;
2. Workforce training on the appropriate use of work-related texting;
3. Password protection and encryption for mobile devices that create, receive or maintain text messages with ePHI;
4. An inventory of all mobile devices used for texting ePHI (whether provider-owned or personal devices);
5. A policy requiring annotation of the medical record with any ePHI that is received via text and is used to make a decision about a patient;
6. A policy setting forth a retention period or requiring immediate deletion of all texts that include ePHI;
7. Use of alternative technology, such as a vendor-supplied secure messaging application.

It is ultimately imperative to recognize both the value and risks of texting and to proactively address the issues.

More Articles on Health Information Technology:

Text Message Use Among Providers Raise HIPAA Concerns
CHIME: HIPAA Privacy Rules Need Reconsideration
HIMSS: Increased HIPAA Compliance Has Yet to Increase Data Security

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months