Text Messaging and Being HIPAA Compliant


Today, many doctors use mobile messaging as a useful tool to collaborate, communicate with coworkers, organize appointments, and even send test findings to patients. Patients rely on smartphone apps for appointment scheduling and updates and, thanks to the rise of telemedicine, technology is also being used for ongoing care coordination and opioid control.

Without a doubt, the security of transmitted patient data is a top concern with the rise of text messaging within the healthcare industry. The HIPAA provisions were, of course, developed specifically to protect confidential patient data and to control the processing of personal health information (PHI) by the agency involved. Thus, any covered entity must have measures and policies in place to restrict access to PHI to authorized users only. For third parties that act as business associates and may not otherwise comply with HIPAA, Business Associate Agreements (BAAs) should be put in place to keep those third parties responsible for the security of the PHI to which they have access.


Electronic communication of PHI through mobile messaging or text message is not exempt from HIPAA and BAA requirements. Rather than prohibiting mobile messaging, HIPAA requires covered entities and business associates acting on their behalf to implement administrative, physical, and technical safeguards when transmitting or storing electronic PHI (ePHI). HIPAA does not recommend specific safeguards to protect the ePHI sent via mobile messaging, which opens up a myriad of security risks to many healthcare organizations and their patients. HIPAA’s Privacy Rule states that it is a fact-specific determination whether a use case involves HIPAA and BAAs (or falls within limited exceptions). As technology evolves, new factual scenarios develop. Instead of merely relying on vendor partners’ interpretations of HIPAA as they relate to new facts, innovative companies should focus on ensuring best practices for assessing and mitigating the safety risks associated with PHI transmissions. HIPAA’s Security Rule provides a useful framework for evaluating and mitigating ePHI-related risks.


Critical technical safeguards included in the HIPAA Security Rule that are worth reviewing before any ePHI is messaged include the following controls: unique user identification, automatic logoff, encryption/decryption, auditing, integrity management, authentication, and security of transmission. A risk analysis to determine where ePHI lives within the organization and what risks threaten it (e.g., natural disaster, malicious breach, employee negligence) is equally essential to ensure that all ePHI stays HIPAA compliant during text transmissions.

Mobile messaging also provides a quick and cost-effective way to communicate ePHI. As a result, text messaging solutions specifically designed for healthcare organizations will remain on the market; however, it is imperative that the various risks arising from mobile messaging vulnerabilities be recognized. Take the time to assess the corresponding risks and establish a thorough security protocol to ensure compliance with HIPAA before leveraging text messaging to optimize your healthcare organization’s efficiency. In doing so, the potential for unauthorized use or disclosure of ePHI may be avoided, and the threat of devastating data breaches may be significantly reduced.


To find out more about whether you’re staying HIPAA compliant, read our previous blog, Is your email HIPAA Compliant? What you need to know.
