Texting Patient Information

Text Messaging Patient Information

Recent revisions to the Health Insurance Portability and Accountability Act 1996 (HIPAA) have increased the level of security that has to be applied when texting patient information or accessing protected health information (PHI) from a mobile or portable device such as a cell phone, Smartphone or tablet.

The revised regulations apply to health insurance providers, healthcare workers and employers who offer a healthcare program covered by HIPAA; and also, for the first time, third party service providers (also known as “business associates” or “vendors”) who provide administrative, brokerage or management services to the healthcare industry.

The Revised Regulations for Texting PHI

The revised regulations for text messaging PHI acknowledge that changes in workplace practices and technological advances have led to more healthcare industry employees using mobile devices in the course of their work. Indeed, a survey carried out by the Health Research Institute revealed that 81 percent of doctors use mobile devices to communicate with their patients and access patient information.

The possibility exists that sensitive patient data could be compromised in the workplace or in places of public access due to individuals using public Wi-Fi or open cell phone networks, and there is also the risk of a security breach when a mobile device is sold, stolen or lost.

Consequently the HIPAA guidelines for text messaging patient information say that texting PHI should only be done in the following circumstances:

  • When organizations that store electronically-accessible protected health information have introduced a secure system to limit who has access to it and to control how it is communicated.
  • When action can be taken remotely to prevent a breach of PHI if a mobile device is lost or stolen, and processes exist so that individuals can report the loss of their device immediately.
  • When periodic risk assessments have been conducted to identify any threat to the integrity of the data and procedures have been established to address any breach that may occur.
  • When data is encrypted, so that individuals who use their personal mobile devices in the workplace can safely access data or transmit/receive protected health information securely.When a system exists to ensure that protected health information cannot be stored locally on mobile devices used by employees and sub-contractors.

Organizations, employees and sub-contractors should be aware of the penalties that can be imposed by the Office of Civil Rights should there be a security breach when texting patient information, as well as the threat of legal action from patients whose protected health information has been compromised.

How Text Messaging PHI Can Be Done Securely

The conditions listed above can be summed up in the terminology used in the original Health Insurance Portability and Accountability Act that “administrative, physical and technical safeguards [should exist] to ensure the confidentiality, integrity, and security of electronically stored or transmitted private health information”; however, the revisions to the original HIPAA Act elaborate to greater detail about text messaging PHI, and states that sensitive patient data should be communicated by “secure texting.”

Texting PHI using an encrypted messaging platform is far more secure than communications sent by email, which are copied multiple times on email servers before they reach their intended recipients. Encrypted messages are sent from a secure server on which all PHI is stored, and can be accessed at any time provided that the recipient is within range of an Internet signal.

The owner of the mobile device still has the full functionality of their cell phone, Smart phone or tablet, but any text messaging of patient information is done using the virtual private network. Should the owner inadvertently lose their mobile device or have it stolen, the network administrator is able to remove the user from the network and delete any sensitive patient data they may have had access to.

Using TigerText for Secure Texting of Patient Information

TigerText´s encrypted messaging platform enables the secure text messaging of patient information by operating via a secure, cloud-based application. Organizations, employees and sub-contractors will find the application easy to use and – more importantly – easy to get into the habit of using.

There is no software to download before operating TigerText´s encrypted messaging platform – meaning that individuals who use personal mobile devices in the course of their work will not be inconvenienced – and administration controls and usage reports help to maintain control over the flow of private health information and ensure compliant usage by all personnel.

The TigerText encrypted messaging platform meets all the criteria required for texting patient information and for complying with the new HIPAA regulations; and, at the same time, offers additional benefits to organizations – such as increasing the efficiency of personnel within the workforce.

  • The facility exists with TigerText for multiple users to collaborate, so that healthcare workers within a team could all be involved in the same conversation despite being miles apart.
  • When TigerText is used on personal mobile devices, it eliminates waiting times before personnel log-in to messaging accounts or gain access to a workstation to read their messages.
  • TigerText also enables the quick and secure transmission of patient data, so that fast decisions can be made when necessary to provide the appropriate healthcare to patients.
  • All messages sent by TigerText are automatically acknowledged by read receipts when the recipient has received and read them – eliminating the cost and time taken with follow up calls.