HIPAA Compliant Texting: Everything You Need To Know — Hosting & Cloud Solutions — HIPAA Compliant — HIPAA Vault

by Stephen Trout

Texting, or “fingered speech” as John McWhorter called it in his TED Talk, is a “linguistics miracle.”

Answering early criticisms of the technology — that it would promote a widespread butchering of the English language — McWhorter clarified that texting is actually casual speech, typed out to mimic the way we talk.

The telescoping (contraction) of words, along with the inclusion of symbols — in an almost instantaneous exchange of ideas — has exploded in popularity, especially among the young.

Further, texting has a strategic convenience. It’s especially valuable for those times when we can’t communicate face-to-face or through a phone conversation.

We may take all this for granted (insert your “thumbs up” emoji!) — yet as ubiquitous as texting has become, questions still arise:

Is text messaging an acceptable tool for an industry like healthcare? Do HIPAA compliance regulations support the texting of sensitive, electronically protected health information (ePHI)?

A Strategic Tool

Today, the writing appears to be on the wall (or your screen): not only do 83% of healthcare practitioners find texting acceptable, but it’s fast becoming the preferred means of communication between patients and providers.

When a doctor can send an urgent message from almost anywhere, and delays in patient phone queues (which spiked as the pandemic unfolded) can be avoided, texting can help expedite treatments and speed healing.

There’s a catch, however (you knew it was coming!): HIPAA compliance regulations do support the use of text messaging technologies in healthcare — as long as the right controls are implemented to protect ePHI.

Before we dive into these protections, let’s look closer at the emergence of texting as a healthcare tool.

A Brief History YDK (or perhaps you do!)

Texting, originally known as the SMS protocol (which stands for short messaging service) was designed for sending brief messages over wireless networks.

Initially, the limit for SMS characters was set at 160. For that seemingly arbitrary number, we have a German inventor named Friedhelm Hillebrand to thank.

In the mid-1980s, Hillebrand was chairman of the Global System for Mobile Communications (GSM). Together with Frenchman Bernard Ghillebaert, they invented the SMS technology.

Since SMS had size limits, a character limit needed to be set.

It occurred to Hillebrand that a short-message equivalent already existed, popular in the pre-digital communication era: the postcard.

Typical postcards — sized at only 3–½ x 5 inches — require senders to be concise, formulating the gist of their communique with a thoughtful economy of words.

Hillebrand surveyed a cross-section of common postcards and discovered that most messages met the 160-and-under character limit for size.

For added measure, he then sat down at a typewriter and began clicking away on whatever other brief messages came to mind. You guessed it: most of these were also under 160 characters!

Later, extended text messaging would allow for more characters and even multimedia files. If needed, longer texts could simply be sent in two or more parts.

Benefits of Texting for Healthcare

Today, text messaging has clearly grown in popularity, with nearly 80% of Americans texting regularly. This has produced a number of consumer benefits, many of which translate naturally to healthcare:

“Texting is the new phone call.” 98% of consumers who text expect healthcare to follow suit and provide the same kind of responsiveness with texting that other industries and businesses provide.

Due in part to their succinct nature, most texts are read within minutes of being received. In fact, the response rate with a text is over 200% higher than with a phone call.

Smart marketers know this and are increasingly relying on texts to land their messaging and convert leads.

Most Gen Xers were introduced to texting early, and along with their children, simply find it easier to text. They see it as more efficient (on average, a text takes 4 seconds) than logging in to email, which typically involves wading through a backlog of messages to find and read the right one.

A survey of “770 hospital professionals and 1,279 physician practices indicated secure texting is becoming the first choice to send information while keeping sensitive data secured.”

Pagers and faxing may still have their uses, but are often seen as “old-school technology.” When a team of healthcare providers is able to get on the same page and communicate more efficiently, response times are better. This ultimately benefits the patient.

Appointment reminders, rescheduling, pharmacy prescription notices, and provider updates can all be done via text. This saves valuable staff time and avoids the inevitable “phone tag,” saving time and provider costs.

Texting is faster than requiring a patient to log in to a portal to receive updates, which improves engagement and helps to streamline care.

Another key reason, as medication management experts point out, is that texting can “drive medication adherence, and empower patients to be more actively involved in their health and wellness.” Healthier patients tend to share their positive experiences.

Healthcare Still Behind the Curve

One doctor counted that he sent around 2,000 text messages over the course of a year. His patients sent him “pictures of rashes, swollen gums, family pets, and graduations… videos of babies breathing noisily and taking their first steps… They sent turkeys on Thanksgiving, heart-shaped stethoscopes on Doctor’s Day (who knew this existed?), and my favorite, Darth Vader on Father’s Day.”

Unfortunately, stories like this aren’t the norm. A sizable chunk of Healthcare providers are lagging when it comes to utilizing texting to deliver value to patients — at least to the extent that they could:

Sources note that only “thirty-two percent of providers have texted back and forth with patients to confirm an appointment, and 23 percent have texted to cancel an appointment… few providers say they have texted patients to provide post-treatment instructions (7 percent) check in for health monitoring (6 percent) or follow up on survey feedback (6 percent).”

Patients tend to welcome such follow-up. For example, one study notes that “eighty-seven percent of patients wish their providers would engage them between visits to support chronic disease management.”

Granted, lack of time on the part of the provider may hinder responses — though most texts do not tend to be as time-intensive as other communication channels.

Appropriate training on the texting platform may help to adopt greater usage; automated messaging (typically used for appointments, but which can be leveraged for other kinds of messages) may also be of some benefit.

Healthcare systems must identify and address their particular barriers to texting to improve both provider response and patient experience.

Text Messaging Platform Requirements for Healthcare

User surveys note that as many as 30% of healthcare providers think — incorrectly — that consumer texting programs meet HIPAA security requirements. This assumption is not only mistaken, it’s a violation of HIPAA requirements.

That said, we’ve often noted this defining characteristic of the HIPAA Security Rule: it refrains from specifying or recommending specific vendors, primarily since data security technologies are ever in flux and change rapidly over time.

What is specified by the rule is to ensure the confidentiality, integrity, and availability of ePHI — no matter what solution is ultimately in play.

To accomplish this, HIPAA-compliant text messaging must rely on a secure platform that incorporates the appropriate technical safeguards that are lacking in typical consumer app messaging services.

The HIPAA-compliant text-messaging platform will therefore be marked by the following:

Should a mobile device ever fall into the wrong hands, the confidentiality of PHI will be maintained.

Secure Infrastructure

To be truly HIPAA compliant — as we often point out — requires an underlying infrastructure to be both proactive and preventative.

A proactive infrastructure is a highly responsive environment, enabling high data availability and timely access to patient data. Preventative infrastructure will be highly secure, mitigating vulnerabilities and protecting patient data from being corrupted or held for ransom.

To accomplish this, systems must be:

Logs will also include both failed and successful login attempts to systems, networks, and all areas where PHI data is kept, as well as logouts, as well as all security events. According to regulations, these logs must be kept for a minimum of six years, or longer if your state requires it.

Failure to ensure these safeguards can be devastating. Significant fines from the OCR for violating HIPAA rules — such as the $3 million HIPAA penalty assessed to the University of Rochester Medical Center (URMC) for the failure to encrypt mobile devices and other HIPAA violations — can be followed by lawsuits from those who’ve had their ePHI compromised. A loss of business reputation for the healthcare provider — including an inability to maintain the practice — can all result.

It must be stressed: sending ePHI over an unsecured, non-compliant network then is not only a violation, it’s also criminal — potentially damaging to both patient and provider.

Appropriate Device Policies

In addition to a HIPAA-compliant platform, it is essential to apply appropriate device policies. This is especially critical as mobile devices, by nature, are more prone than other technologies to be misplaced or stolen.

Such policies should include:

HIPAA Compliant Texting and Your Organization

For its ability to impact patient engagement and aid staff productivity — ultimately improving the quality and timeliness of care — HIPAA-compliant texting is fast becoming a fixture for healthcare organizations.

HIPAA Vault has been hard at work testing our forthcoming HIPAA-compliant Text solution, due to be released soon! If you’re planning to incorporate the benefits of HIPAA-compliant texting in your practice and have questions, please give us a call: 760–290- 3460.

HIPAA Vault is the leading provider of HIPAA-compliant solutions, enabling healthcare providers, business organizations, and government agencies to secure their protected health information from data breaches, threats, and security vulnerabilities. Customers trust HIPAA Vault to mitigate risk, actively monitor and protect their infrastructure, and ensure that systems stay online at all times.

Related Posts

Originally published at https://www.hipaavault.com on October 3, 2022.

--

--

Founder, CEO HIPAA Vault — HIPAA Cloud Solutions http://bit.ly/hipaavault1

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store