Is it Ever Acceptable to Text PHI?

Text Messaging and HIPAA: Why They Don’t Work Together

Texting and mobile messaging are everywhere: Is there ever a time when it’s appropriate to exchange secure health information via text?

Healthcare’s Technology Landscape Has Changed

The ways in which healthcare providers and their patients interact has changed a great deal over the past decade, and it continues to change today. Patient internet portals and informative web pages with ample resources are standard for most mid-to-large-sized practices, and communication between patients and providers has become less formal and more fluid. With these shifting trends in doctor-patient relationships, it’s hardly surprising that as of 2016, 96 percent of physicians say that they use standard text messaging to coordinate patient care.

Texting also goes beyond patient and provider communication: 87 percent of doctors say that they use their smartphones as a part of their day-to-day workflows, including using text messaging to efficiently communicate with other doctors and practice members.

Young female medical worker using cell phone in clinic
Young female medical worker using cell phone in clinic

Most experts agree that text messaging can play a positive role in healthcare: For example, in fields like behavioral health, patients might greatly benefit from non-time-consuming provider check-ins or reminders to reinforce important care regimens. Or, in large hospital settings, cell phones can be used to share non-sensitive and non-patient-related information  quickly and efficiently.

Because text messaging has become so ubiquitous, it can easily seem like a one-size-fits-all platform for communication. However, due to the complicated nature of HIPAA compliance, healthcare organizations should take time to consider when text is and is not acceptable—and what a suitable alternative communication method is.

Related: Why Healthcare is a Target for Ransomware, and How HIPAA Can Help

Is Texting within Healthcare Organizations Safe?

First and foremost, the most important detail for providers to note is that text messaging and Apple iMessaging are not HIPAA compliant. This means that it’s fine for some information to be shared over text message, but as soon as any details that constitute as protected health information (PHI) are sent or received, a HIPAA violation has occurred. This may seem obvious, but last year fully 30 percent of physicians admitted that they’ve received PHI via a standard texting app.

Texting between patients and providers is fine if no personally identifiable health information is included in the exchange, but it’s not a secure enough communication method for anything beyond that. If PHI or sensitive information does need to be exchanged from a mobile device, it’s imperative to have a secure method in place for doing so.

What Are Some Communication Alternatives?

One secure option would be to invest in a HIPAA compliant messaging platform for your organization. There are many HIPAA compliant messaging platforms available on the market today; however, there are some drawbacks to utilizing them. If your organization needs a way to exchange potentially sensitive information between your practice and your patients, a HIPAA messaging service will only work if your patients are willing to install and utilize that same service on their own phones. For smaller practices, this may be feasible, but for large hospitals and healthcare networks, it becomes much more problematic to rely on patients to take that step.

If your organization’s search for a secure messaging platform stems from a need to communicate within your practice, it’s much easier to enforce the use of a single messaging service. If that’s the route your organization takes, however, it’s worth noting that there are several precautions that need to be taken in order to maintain HIPAA compliance: The service you use to send sensitive messages or messages containing PHI should not integrate with any personal messaging; PHI cannot be visible in on-screen notifications; the messaging platform needs an in-app archiving system; many authorizations, such as signatures, are not accepted as valid when they’re sent over message. These are just a few of the complicated issues that arise when trying to utilize a messaging platform for HIPAA compliant communications.

At the End of the Day… Cloud Fax is Your Most Secure and Simple Option

Because of the complicated nature of making sure that a messaging app is truly secure, and because of some of the HIPAA red tape around things like signature authorizations, many healthcare organizations—especially large hospitals and healthcare networks—stick to cloud faxing. In addition to cloud faxing being much more reliable and secure, it remains popular in healthcare (even in the mobile age) because most cloud fax solutions allow users to both send and receive faxes directly from their cell phones. In this, the ease of mobile communication effectively merges with the security of fax.

To learn more about Concord Cloud Fax HIPAA compliance, download our compliance white paper here. If you’re seeking an online HIPAA compliant fax provider or document management system, contact us today with your questions.

Everything you need to effectively build a detailed set of requirements for your fax project.

Scroll to Top