Are You Breaching HIPAA While Texting Patients?

Are You Breaching HIPAA While Texting Patients?

Texting is no longer a fad; it’s a way of life. It’s one of the fastest, easiest ways to connect with the people most important to you. So naturally, it’s crept into the business world too. 

Why not text your clients and customers a quick message about an upcoming appointment? Why not answer messages with short answers? While that may be just part of doing business in some industries, it’s not quite as simple in the medical field. 

The Privacy and Security Rules that apply to HIPAA regulations don’t necessarily state that texting is in violation, but they do lay down ground rules that can impact the way you communicate via text messages. 

It is okay to text if your message doesn’t include personal identifiers. 

It is okay to text if you are in full compliance with the technical safeguards set by HIPAA rules. 

Where the division starts to cloud is the more personal you get. 

If you access PHI in any way, it must be limited to authorized users only. You must authenticate the identities of the people accessing PHI. You must have policies and procedures in place to prevent PHI from being altered or destroyed. And if any data goes beyond your organization’s firewall, it must be encrypted during transit. 

If you breach HIPAA, you’re setting up your practice for possible penalties as well as repercussions from putting your patients at risk. What should you do?

1. Create texting and communication procedures and have patients authorize stating they understand how to use your system. You can and should provide help and training as appropriate. 

2. Train your workforce how to use the system and stay in compliance at all times. You may even wish to designate a coordinator to ensure you stay on top of new changes and procedures year round. 

3. Exclude any platform that may put you at risk or vulnerable to a breach. If you aren’t sure if you are protected, don’t use it. 

4. Limit certain functions and develop other ways of communication. It’s your job to ensure you are secure at all times. When in doubt, don’t do it. 

If you leave with one take away, remember to evaluate every communication method you use within your practice. If you aren’t sure you comply, don’t use it. You’re probably not. 

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.