Many physicians and patients like the ease and convenience of text messaging, but practices need to create policies to protect their liability, according to an article from Medical Economics.
"In fact, many physicians who text message do not take into account that the information they send and receive should probably be included in their medical records, nor do they consider the possibility that the protected health information (PHI) in their text messages is not being accorded the necessary privacy and security protection," wrote Barry B. Cepelewicz, M.D., J.D.
Rather than missing out on the benefits of text messaging altogether, Cepelewicz recommended the following precautions:
- To ensure HIPAA compliance, treat PHI sent via text message the same way you would with any other mode of communication. This includes retaining messages for the required length of time, encrypting data and creating business associate agreements with vendors.
- Use an authentication process to ensure the intended recipients read the messages, and consider requiring devices to be "registered" with the practice so that it will be notified immediately if any devices are lost or stolen.
- Copy all text messages that pertain to medical care into patient records. Also keep on file documents that demonstrate patients agree to your text-messaging policy (dictating what types of data may be transmitted, who will have access to the phone, etc.) and whether they consent to communicate with physicians in this manner.
- Define your protocol for when and how to delete messages from devices, including a process for purging data from devices before they are discarded or exchanged.
To learn more:
- read the article