Texting patients: does it violate HIPAA?

In the midst of busy day where there’s no time to chat, sending a text message to communicate is a quick, convenient fallback. But, how many people actually prefer texting over talking on the phone? According to a 2011 report by the Pew Research Center, approximately 83% of Americans own cell phones and of these, 73% use the text messaging function. Additionally, a 2016 survey conducted by OpenMarket found that 75% of millennials “chose texting over talking,” often citing the convenience of communicating on their own schedule. As students, we often text our family, friends and classmates to coordinate our daily lives, but many of us may also text our patients to confirm appointments and address questions.

While texting might seem to be a convenient way to contact patients, it’s important to remember that this action raises many important implications for patient privacy. The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the United States Congress in 1996 in order to establish national standards to protect the health records of patients, also known as Personal Health Information (PHI). Additionally, the Final Rule on Security Standards, a rule under this act which addresses electronic PHI, took effect in 2003. By these regulations, communicating with patients electronically through a non-secure network, such as a secondary texting application, puts us at risk of violating PHI and HIPAA policies.

Dr. Robert Trombly, associate dean of Clinical Education and Student Success at the Arizona School of Dentistry and Oral Health, notes, “Exchange of patient information via texting on smartphones, cell phones or tablets has a high risk for HIPAA violations. Providers run the risk that patient data may be compromised on public wi-fi or open cell phone networks, as well as through loss of the device itself.” Given the ease and popularity of text messaging, this is an answer that many of my colleagues probably do not want to hear. However, the consequences can be quite hefty: the penalty per violation starts at $100 if the individual was unaware of his or her actions, but can reach up to $50,000 plus a potential jail sentence if the violation remains uncorrected through willful neglect.

In my personal conversations with dental students from schools across the nation, it appears that there are vast differences in their experiences. While all dental schools strongly discourage texting patients due to privacy concerns, this policy seems to be more strongly enforced in some clinics than others. This article, however, is not meant to frighten students or to accuse anyone of negligent policies. My hope is that this information helps to increase awareness among students regarding HIPAA and the role we each play in protecting the privacy of our patients. After all, understanding HIPAA policies will become more important than ever when we transition into the workforce. We are fortunate to be in a profession where we are trusted to protect the information and personal health of others. Let’s rise to the occasion.

So how can you take action with what you know now? Here are several alternative options to consider.

  • Call the patient and speak with him or her directly. If your patient does not answer, avoid leaving any personal information on the voice message, Instead, keep it brief without discussing the specifics of your upcoming appointment with them.
  • Secure text messaging applications can be purchased for use on smartphones. However, do your due diligence to ensure that the application is truly HIPAA-compliant and be mindful of what you share over the secure network message as well. Use your best judgment on what you are willing to communicate, whether it means simply sending appointment reminders or even answering patient questions.
  • Obtain written, informed consent if you choose to continue using insecure channels, such as email or SMS text. In the same way we offer patients alternative treatment options, ensure that they understand that there are secure alternatives available for them to use patient-provider communication. However, please note that unfortunately, use of the popular Apple iMessage service is not considered HIPAA compliant, even if patient consent has been obtained.

For more information about HIPAA for professionals, visit http://www.hhs.gov/hipaa/for-professionals/index.html

~ Feras Ziadat, Arizona ’18, local chapter treasurer

You might also like:

About Feras Ziadat

Feras Ziadat is a third year dental student at the Arizona School of Dentistry and Oral Health. He currently serves as chapter Treasurer. During his free time, he loves to play soccer and spend time with his wife and family.

You might also like:


Comments (2)

  1. Rebecca ziadat

    I’m so proud of you always been. Wish you more success as you go on in life ,love you

    Reply

Add a comment

  • (will not be published)

Time limit is exhausted. Please reload CAPTCHA.