This June, the American Medical Association (AMA) House of Delegates will take up the issue of patient-physician texting at its annual meeting. With respect to physician-patient communications, the AMA has already issued guidelines for physicians on email exchanges, privacy and confidentiality, and the confidentiality of computerized records. The forthcoming AMA Board of Trustees report and recommendation will likely expand its guidelines on email communications to include text-based messaging and address those circumstances where texting with patients is appropriate and how to remain HIPAA compliant.1
The AMA’s move to issue guidance on the use of texting in the patient-physician context follows on the heels of The Joint Commission’s recent reversal of its prior authorization of secure clinical texting to issue patient care orders. In its December 2016 statement, The Joint Commission, along with the Centers for Medicare and Medicaid Services, prohibits texting to issue patient care orders, and makes clear that even though technology has advanced to the point where secure text messaging platforms now provide sufficient privacy and security safeguards to meet HIPAA requirements, concerns remain around patient safety, the increased burden on nurses when entering text orders into the EHR and the possibility of confusion due to the inability to seek immediate clarification.
Among and between health care providers, the use of text messaging is becoming more common and is increasingly seen as an essential tool in clinical communications and patient care. Patients are starting to expect that they can text with their providers, rather than adopting other forms of communications, such as logging on to patient portals to retrieve and share information. Providers may feel compelled to respond in kind, but should proceed with caution.
Texting between physicians and their patients directly raises significant HIPAA privacy and security concerns. While some provider organizations try to limit texting to basic uses, such as reminding patients of their appointments or that lab results are available, it is easy for “individually identifiable information” to be captured in a text, thereby becoming patient Protected Health Information (PHI) under HIPAA. Once PHI is included, it becomes subject to HIPAA rules and regulations. Some also fear that texting might diminish the foundational relationship between a patient and his or her physician – a foundation that has traditionally been considered to be built on face-to-face communication and dialogue.
Providers who are currently texting with patients or thinking about doing so should consider the following guidance:
- Adopt a text messaging policy at your practice that addresses the issues noted above
- Do not use the SMS services that are standard on mobile phones, as those violate HIPAA privacy and security standards
- Use a secure texting platform from a reputable third-party vendor to ensure HIPAA compliance
- Get the patient’s consent for the use of text messaging and include a statement regarding the risks of disclosure and lack of security
- Any text containing PHI must be incorporated into the medical record and then deleted from the mobile device
- Include only non-urgent information in any text message
- Include a process to verify who received the message
- Text messages need to be able to be audited, monitored, and easily accessed
- Devices should be password protected and encrypted
- The secure texting platform should permit a “data wipe” option in case the mobile device is lost
- Consider purchasing a cyber-insurance policy
Providers who may be texting using basic SMS service should cease usage and instead consider adopting a secure texting platform to communicate with patients that will help ensure they are meeting the security and privacy safeguards of HIPAA. The fact that the AMA will be issuing guidance on physician-patient texting reflects an acknowledgment that it is becoming increasingly common, and the HIPAA risks associated with using an SMS platform are significant.
We encourage you to contact one of the listed Roetzel attorneys to discuss the legal challenges associated with communicating with your patients via text messaging or other electronic means.
1 Robert Nagler Miller, When patients want to text: HIPAA, OMG! See you L8R, privacy? AMA Wire (2017), https://wire.ama-assn.org/delivering-care/when-patients-want-text-hipaa-omg-see-you-l8r-privacy