Blog

Is your texting app HIPAA compliant? Understanding HIPAA-compliant texting

Mobile communication among busy providers and staff has become essential to effective patient care coordination. But when it comes to securing sensitive protected health information (PHI), not all texting apps are HIPAA compliant. Here we dive into the details of the technology to understand the capabilities to consider as you determine the best secure texting app for your organization.

What is HIPAA-compliant texting?

HIPAA-compliant texting is the ability of providers and staff to use smartphone apps to share patient PHI during the everyday care coordination process in a way that adheres to HIPAA guidelines. Although some common consumer texting apps encrypt messages, they don’t offer all the necessary safeguards behind the scenes required to achieve compliance and protect against a data breach. Moreover, the communication needs of a hospital have evolved well beyond simple text messaging (more on this later). 

Is your texting app HIPAA compliant?

Ask yourself these four questions to understand if your texting apps are putting your organization at risk of violating HIPAA regulations:

  • Are your messages encrypted? When messages are sent that communicate PHI, encryption and physical data protection need to be in place. Note: Standard text messages are sent without encryption.
  • Can your clinical messages be remotely wiped? In case of loss or theft, it’s important for your organization to have the ability to delete all messages remotely without wiping the whole device.
  • Can you lock your texting app? If the messages on your mobile device can be accessed without using a password, your messages are far less protected with a higher chance of unauthorized access.
  • Does your organization have clear policies and procedures? Your organization should have clear guidelines about who has access to PHI and how it can be used.

While these considerations are a good starting point, to fully comply with PHI privacy regulations, it’s helpful to understand HIPAA and Joint Commission Guidelines, explore how to establish security protocols, and develop security awareness training for your staff.

Expanding the benefit of secure texting

The basic features listed above will help your organization comply with HIPAA for text messaging, but they won’t necessarily make your providers more productive. For that, you need secure messaging that functions as part of a larger communication ecosystem. This includes:

  • Hospital directory access
  • On-call schedule access
  • The ability to send messages/images/videos
  • The ability to access cloud-based content
  • The ability to send HIPAA-compliant messages to devices other than smartphones (Wi-Fi phones, pagers, computers)
  • The ability to receive clinical alerts from patient monitoring/nurse call systems

Secure texting versus secure messaging: The differences

Given the list of capabilities above, you can see that secure messaging goes far beyond secure texting. While secure texting generally refers to encrypted, app-based communication involving smartphones, secure messaging can be used on smartphones, hospital-issued Wi-Fi phones, desktop computers, and even pagers to protect PHI as it moves throughout the full care team.

Healthcare texting apps used during COVID-19

The COVID-19 pandemic created a unique crisis in communication, and hospitals without a strong foundation of reliable HIPAA-compliant communication practices have faced greater challenges. HealthLeaders and other industry news outlets have warned that security and privacy concerns will increase in 2021, requiring hospitals to focus on safeguarding communications to protect against data breaches.

While generic consumer communication apps might have been a temporary solution for overwhelmed healthcare workers, the additional privacy and security risks they can cause will likely only escalate. The pandemic has reinforced the urgent need for health systems to implement an end-to-end enterprise communication strategy that encompasses efficient, contactless communications that don’t compromise security and expose patient information.

Secure messaging is just the beginning

A 2020 study found that 82% of healthcare professionals surveyed have some level of concern that patient information and proprietary health system data are being communicated via unsecure or personal communication tools. Secure, HIPAA-compliant text messaging is the first step in developing truly effective care team communications. However, to drive streamlined patient care workflows and improved outcomes, secure messaging must be part of a comprehensive approach that goes above and beyond simple text messages. To get started, you can learn more in this eBook: The guide to secure messaging in healthcare

Topic: Secure messaging

By Rob Wilder, Director of Product Management

Rob Wilder is director of product management and leads global interoperability initiatives and IHE participation at Spok. He has more than a decade of experience in healthcare software with specialties in product management, feature planning, product launch processes, and integration program management.