“Whatever I see or hear in the lives of my patients, whether in connection with my professional practice or not, which ought not to be spoken of outside, I will keep secret, as considering all such things to be private.” — The Hippocratic Oath, translated by Michael North (2002)
The Hippocratic oath that doctors take means that they have vowed to a number of different deities that they will protect their patients and provide them the best possible medical care they can give them. By taking the Hippocratic oath, doctors also swear not to divulge any private information of their patients to others. If everyone stuck by this oath, there would be very few HIPAA violations. Unfortunately, that doesn’t seem to be the case. With communication between doctors and their patients being done through a myriad of channels, it isn’t uncommon to think about any of these breaching HIPAA compliance. Is it possible that checking in with your doctor for an appointment schedule is something to be worried about? Here’s a link to learn more about that: https://www.providertech.com/5-hipaa-rules-regarding-text-messaging/
Prevalence of Texting
Texting has become one of the quickest and most efficient ways to communicate. According to Text Marketing Statistics “Daily Mobile phone activity is dominated by messaging above other apps and activities.” It isn’t a question about your patients not being able to get your text or you not getting theirs. Texting has become an option for health care providers, doctors, and medical staff simply because it provides many great benefits.
Benefits of Texting
Due to the COVID-19 pandemic, it is advised that individuals are to stay at home so as to contain the spread of the virus as well as to keep themselves safe. Now more than ever are people wary about their health. Having the need to see your doctor for any old reason may now seem like a daunting task. With the option to text your doctor in between appointments you can get their opinion on whether or not you will need to see them for an in-person appointment. Should you need to make an appointment, texting will allow you to communicate with your doctor or their staff easier regarding the schedule. Should you need to suddenly reschedule, letting them know will just be a matter of seconds with a text. If you are able to make it, your doctor can let you know exactly what time they will be able to accommodate you, allowing you to make the most out of your own time to gauge how long your travel will be and not subjecting you to leaving too early only to sit in a waiting room until it is your turn. Texting also has the added benefit of allowing your doctor and their staff to get into contact with you for reminders about medication, exercises, diets, etc. so you don’t forget. In the case that you do, it allows them to re-engage you when you would have possibly done otherwise.
With all of these benefits, it is a wonder why texting can be considered a HIPAA violation. Well not all texts and texting applications are created the same. Oftentime when we think of texts, what comes to mind may be the default texting application installed on our phones. If not those then instant messaging applications like Telegram, WhatsApp, etc. are commonly used as well. Unfortunately all of these fall under the category of “unsecure communication channels.” This is because they don’t meet the “Minimum Necessary Standard.” This standard is defined by the HIPAA Privacy Rule.
Texting as a HIPAA Violation
The requirements are as follows:
- Those with authorization to communicate PHI must authenticate their identities with a unique username and PIN.
- A system must be implemented to monitor the activity of text messages containing PHI and ensure message accountability.
- Data transmitted beyond an organization’s internal firewall must be encrypted so that it is undecipherable if intercepted in transit.
Common messaging applications mentioned earlier don’t have these features, allowing just about anyone to get into your messages and access your PHI should they gain access to your mobile phone. “Without these minimum standards in place, texting is in violation of HIPAA whenever a text is sent containing PHI.” This could be a challenge as personal mobile phones or smartphones are becoming the norm in many medical practices.
Sometimes it may seem like HIPAA violations aren’t all that much of a big deal. Sometimes they almost seem a little silly when anecdotes about Walgreen’s pharmacists and their husbands’ exes are the talk of the town. But there is a real severity that comes with these violations that don’t immediately click. In the case of this HIPAA violation, it was pointed out by the victim’s legal counsel that it may feel stigmatising to have your personal health information out in the open. Medical conditions may be something you want to keep to yourself until you are more comfortable to speak up about them. But in this case, it may feel so uncomfortable that a patient may even stop seeking out treatment and may cause their ailment or affliction to get worse. On the other hand, common HIPAA violations come in the form of phishing and data breaches of hospital records. This allows hackers to get crucial personal information that may be used for a variety of nefarious activity.
With all of this in mind, it may seem daunting or questionable to have texting as an option for communication between patients and their doctors. Well this doesn’t have to be the case. There are plenty of options not for HIPAA compliant communications which ensures that your PHI is protected while also providing you the benefits of regular texting. Remember that these channels were made to better service patients and not to put them at any risk. These risks aren’t just about their physical or mental health but the security of your information as well. Take a moment to go over the 5 HIPAA rules regarding texts and reach out to your doctor or healthcare provider to find out how you can get involved in HIPAA compliant communication with them now!