Back to Basics: Why Texting Must Be HIPAA-Compliant

More than 2.7 billion individuals use smartphones today, and according to Pew Research Center, 36 percent of these users use at least one messaging application. While many of these applications may include social media messaging or personal chat applications, an increasing number of them now target workplaces rather than individual consumers. Texting in professional settings is becoming more commonplace, resulting in organizations across all industry sectors taking advantage of this communication type. These business communication tools enable teams to text instantly, share files, and even hold video as well as audio calls.

With a growing number of companies implementing texting applications in their respective organizations, there are additional concerns regarding security and the potential of employees misusing these tools. By understanding the communication needs of a particular industry, we can learn how to accommodate any privacy risk – this is particularly important in healthcare. We at Halo wanted to go back to the basics and clarify why texting must be HIPAA-compliant and how you can make sure to keep patient information safe.

Texting in Healthcare
By implementing messaging in clinical workflows, health organizations are able to quickly send information, limit background noise, and communicate more efficiently. Recent studies have shown a significant number of healthcare industry employees using smartphones:

  • 87 percent of physicians use smartphones to “support existing workflows”1
  • 67 percent of nurses use smartphones during their shifts2
  • 44 percent of clinicals use a personal mobile device to communicate, with 17 percent of clinicians using their own devices to access patient data3

However, with the increased use of personal mobile devices by professionals in the healthcare industry, additional practices and policies must be put in place to ensure that texting applications are secure and HIPAA-compliant. From security controls to extensive documentation, incorporating certain guidelines ensures that patient information is protected against any potential threats. This helps health systems and individual clinicians avoid the legal and financial implications of non-compliance.

Risks to Avoid and How to Avoid Them
Whether messaging on a personal device or a device supplied by third-party providers, there are several errors to avoid in order to comply with HIPAA regulations. Messages may reside on a mobile device indefinitely, and the information can be exposed to unauthorized third parties. When texting patient information, the message must be encrypted and secure. Providers also need to assess any potential risks and vulnerabilities to the confidentiality and integrity of their electronic patient information.

Other threats to electronic patient information stored on a mobile device include theft, loss, and improper disposal. In addition, an unauthorized individual can intercept the transmission of ePHI if the messaging platform is not secure. In order to overcome these challenges, various health systems are enforcing administrative policies, updating security measures, and opting to use alternative technologies including vendor-supplied secure messaging applications.

Educating users to better understand the risks surrounding texting in the workplace will be essential to protect patient information. As healthcare communication evolves, it is imperative to place security controls around mobile devices and the use of text messaging. Secure texting facilitates clinical workflows, and with its easy and omnipresent nature, it is only a matter of time until all organizations implement this type of communication – and why HIPAA compliance needs to remain top of mind.

Traditional text messaging is not secure and puts hospital systems at risk of non-compliance with HIPAA regulations. Interested in keeping your clinicians (and system) free from liability? Request a demo of the Halo Platform today!

1 Manhattan Research –
2 American Nurse Today –
3 Wolters Kluwer –