Texting is to this decade what e-mail was to the last. It's the "killer app" that people of all ages and demographics love. In fact, it's so endeared and easy to use that we regularly see physicians and staff sending text messages to patients, without recognizing or mitigating the risk. It's the rare practice that has developed text usage policies and procedures, or encrypted the mobile devices of physicians and staff.
Understand this: Standard "SMS" (Short Message Service) texting is not encrypted or secure. It's not HIPAA compliant. Without taking proper precautions, texting with patients puts your practice at risk for data breaches, security hacks, and HIPAA violations.
Ways that standard "SMS" text messaging falls short
• Unencrypted and unsecure
• Recipient cannot be verified
• No way to escalate high priority messages
• Patient texts are mixed in with personal contact texts on a mobile device
• Can't categorize or sort SMS text messages by type, only by recipient name
• Can't easily print or port to EHR, so pieces of the patient's record remain "outside" the chart
• No archiving capabilities
So take these five digital precautions, and improve your ability to safely text with patients.
1. Stop all texting until you put some rules in place
In a recent client meeting, we heard one surgeon casually mention that patients regularly text him photos of their post-op incision sites. His partners had no idea. Neither did the administrator. Your staff may already be texting patients. Physicians too. Ask everyone to pause their texting until you put some risk reduction policies in place and confer with an attorney. Politely inform your text-using patients that the hiatus is for their protection and privacy.
2. Encrypt all mobile devices
This is a simple step that most practices overlook. "Encrypting all mobile devices is good practice, whether you are texting with patients or not," according to healthcare attorney Michael Sacopulos, president of the Medical Risk Institute in Terre Haute, Ind. "But encryption software is especially important if you are texting patients because it reduces the risk of unauthorized parties accessing text and other data on a physician's or staff's mobile device." Implementation is straightforward and inexpensive. Sacopulos suggests security software such as Kaspersky, which costs $75 to $100 per year, per device.
3. Develop a text usage policy
Such a policy should include details such as who is authorized to send/receive text messages from patients, message response times, appropriate and inappropriate topics for text messaging, how a critical text will get escalated, how data from text messages is included in the patient record, and more. Use these "Guidelines for Developing a Text Messaging Policy" to drive this discussion, and work with a healthcare attorney to refine a policy that reflects the laws in your state. Then be sure everyone in the practice is trained to follow it.