Why Were New Secure Texting Guidelines Introduced?
New secure texting best practices guidelines were introduced to reduce the risk of protected health information being compromised during the transmission or receipt of patient data, or while such data was stored on a portable or mobile device (cell phone, tablet, Smartphone etc.).
Studies had shown that more than 80 percent of doctors use mobile devices to access protected health information and communicate with their patients, while further research revealed that 66 percent of reported breaches of patient data were due to mobile devices being lost or stolen.
The potential for protected health information breaches has increased significantly since the original Health Insurance Portability and Accountability Act was enacted in 1996 due to technological advances and changes in working practices, and issues such as the following may not have been considered when the original Act was drafted almost
twenty years ago:
- Owners of mobile devices, who use them to access protected health information or communicate with patients via text messages, are at risk of having sensitive information intercepted and compromised when they use unsecured cellular networks or public Wi-Fi.
- The lack of security on many mobile devices increases the risk of any patient health information stored on it to be compromised, as few mobile device owners use passwords to protect sensitive information maintained on their mobile devices.
- Sensitive information that has been sent by text to or from personal mobile devices is rarely encrypted. If text messages are not deleted once they have been sent or received, anybody who finds or steals the mobile device would have access to the protected health information stored on it.
It is important to note that the HIPAA secure texting best practices recommendations state “[mobile devices] require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information” and the failure to comply with the HIPAA secure texting guidelines can result in criminal and/or civil legal proceedings.