January 26th, 2018
Text messaging is a speedy way to convey information. But in the medical world, mobile communications with patients are still a gray area. Practices must do everything they can to protect patients' privacy. Failure to do so can result in liability lawsuits, expensive data breaches, and loss of patient trust.
Business insurance for allied health is an important baseline protection for modern practices. But it's helpful to consider potential risks ahead of time: Should your medical practice text patients their prescriptions and diagnoses?
Text Messaging May Violate HIPAA Standards
The Health Insurance Portability and Accountability Act (HIPAA) sets firm rules for handling patients' Protected Health Information (PHI). For example, a medical practice must "maintain the confidentiality, integrity, and availability of all PHI [it] creates, receives, maintains, or transmits."
Text messaging raises some possible risks here, including:
- PHI must be accessible and usable to authorized viewers, but text messages may get lost.
- PHI must not be accidentally altered or destroyed, but text messages are easy to delete on either end.
- PHI must be protected from unauthorized disclosure, but text messages may fall into the wrong hands.
The Cybersecurity Risks of Text Messaging
What if a patient's device gets stolen or lost? Texting makes it very difficult to ensure that only the intended recipient reads your message. Unfortunately, text messages are not encrypted. Compare this to a secure portal, which requires at least a username and password to access.
If your allied healthcare practice is the source of a data breach, you'll face ramifications—both financial and reputational. Perhaps worst of all is notifying affected patients of your error. Cyber insurance helps organizations deal with the fallout from a hack or breach. However, it's wise to do everything you can to avoid one in the first place.
Reducing Your Risk in Electronic Patient Communications
If your practice decides to utilize text messaging, establish a strict usage policy. Possible stipulations include:
- Patients must sign a consent form before receiving text messages.
- Your practice has a way of logging and safely storing records of text messages.
- Patients must authenticate their identity before receiving messages.
- Patients must notify the practice immediately if their device goes missing.
- Messages will be retained for a set amount of time, then deleted accordingly.
Text messages are a useful tool for confirming appointments, to be sure. But medical practices must be very cautious in extending their usage to transmitting PHI like diagnoses, prescriptions, and more. Pro tip: Revisit your HIPAA compliance and cybersecurity standards regularly.
Protect your practice with business insurance for allied healthcare. CoverHound will help you find an affordable policy for free.