All You Need To Know About SMS Texting and HIPAA Violation
It may seem unusual to see SMS texting and HIPAA violations mentioned together. However, it is 100% factual that SMS messages may result in a HIPAA violation penalty.
SMS Texting & HIPAA Violation
Healthcare organizations are often unsure about the use of text messages and whether SMS texting is a violation of HIPAA Rules. This uncertainty is understandable, as HIPAA does not mention SMS text messages specifically. HIPAA Rules do, however, cover electronic communications, and SMS messages are not exempt.
The content of the messages plays a key role in HIPAA compliance. To whom the messages are sent is another important factor to keep in mind. For any SMS sent to a patient that contains protected health information or any personal identifiers classified as PHI under HIPAA Rules, the crucial question is whether consent has been obtained to send information via the SMS network. All of these factors are considered when assessing whether SMS texting violates HIPAA Rules.
As far as access controls are concerned, SMS messages are always inadequate. There is always a chance that the sender or receiver of an SMS message might lose the device and that the device might end up in the hands of an unauthorized individual. Also, there is a 100% chance that the sent message will be received by the intended recipient, and, as is known, no existing system confirms the identity of the sender or receiver of the message.
When PHI is conveyed outside an organization’s area of control, it must be protected to prevent accidental disclosure. So, SMS texting is a violation of HIPAA if PHI is included in the message, and this also applies to instant messaging.
The penalties for HIPAA violations are severe, ranging from $50,000 per violation per day up to a maximum fine of $1.5 million per calendar year. Ignorance of HIPAA Rules in relation to texting is not an excuse that regulators will accept.
Use Texting to Communicate PHI and Still Avoid HIPAA Violation
A HIPAA-compliant text messaging solution includes access controls to make sure only the intended recipient can access a message. Users must log in to the system to access messages, and they are automatically logged off after a period of inactivity. All users of the platform are within a closed network to ensure messages are not accidentally sent to unauthorized individuals.
The secure platform features end-to-end encryption to ensure messages are not intercepted in transit, and all communications via the network are monitored. In case of loss or theft of a mobile device, the platform allows all messages on the user’s device to be automatically erased. There is also a provision to prevent PHI from being copied and pasted into other apps.
If these HIPAA-compliant messaging apps are used, healthcare organizations enjoy the benefits of texting and avoid violating HIPAA Rules.