Texting – Another Potential Way to Violate HIPAA
Promulgated in 1996, the Health Insurance Portability and Accountability Act (HIPAA) set standards for protected health information (PHI). PHI includes written, electronic and verbal communications, which encompass: any information that can be used to identify the patient, the patient’s medical conditions and treatments, and billing and payment records. Texting is considered an electronic, written communication and, therefore, falls under the purview of HIPAA. (74 Fed. Reg. 42740 (Aug. 24, 2009)).
According to an American Medical Association article, “physicians who text other doctors could be exposing themselves to privacy and security violations of the Health Insurance Portability and Accountability Act.” Although texting may be more expedient than traditional paging, it also increases liability.
http://www.ama-assn.org/amednews/2011/10/31/bica1031.htm (Oct. 31, 2011).
In addition to federal law, state laws may also apply. "In May of 2011, Texas passed House Bill 300, which amends the Texas Health and Safety Code and contains privacy requirements that are more stringent than the federal privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In particular, the new Texas law imposes requirements regarding (i) training; (ii) electronic health records access; (iii) sales of protected health information; (iv)notice and authorization for electronic disclosures; (v) enforcement and disciplinary actions; and (vi) audits of covered entities. This new Texas law is effective on September 1, 2012." (http://www.winstead.com/NewsEvents/PublicationsSpeeches?find=49904)
Using an encrypted texting network such as Tiger Text, implementing autolock and remote wiping, and best practices are all ways to mitigate liability. (Ibid.) Other items to consider are: making sure the text is sent to the intended recipient, reading or sending a text in the presence of unauthorized individuals, and implementing training policies. Implementing these suggestions will enable physicians to capitalize on more efficient technology while maintaining the integrity of patient information.
Posted on: under: Uncategorized