be Smart.
be Secure.
Phone: 800-441-6612

Infographic: Texting in healthcare – a not-so-simple exchange

Sending text messages between health care providers and patients is incredibly common but it is also generally a violation of HIPAA.  See: To Text of Not To Text.  Texting and healthcare.  This infographic covers when texting occurs and where the risk arises.

Texting in healthcare – a not-so-simple exchange

Texting in healthcare - a not-so-simple exchange

Share This Infographic On Your Site

Texting in Healthcare: A Not-So-Simple Exchange

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides protection and privacy for a patient’s protected health information (PHI) and other medical-related data.

When healthcare professionals use text messaging to send electronic PHI (ePHI) via insecure telecommunication networks, that data can be misdirected or stolen, and result in costly, and dangerous, HIPAA violations.

Texting Among Healthcare Professionals

The Upsides

  • Medical personnel, healthcare providers and physicians can send text or SMS messages via smartphones, pagers, electronic medical record (EMR) systems, computerized physician order entry (COPE) systems, appointment scheduling software, and many other applications.
  • Texting is fast, reliable, and easy when working in a busy hospital.
  • It’s popular. Each month, over 350 billion text messages are sent worldwide (2014).

The Downsides

  • Texting a notice of an appointment time with an identified medical professional is a violation of HIPAA.
  • Text messages are often stored and saved on telecommunication servers, online backups, workstations, and smartphones for an indefinite amount of time.
  • Many devices and networks are not secure, not encrypted, and don’t require passwords for access.
  • IT departments at hospitals don’t typically monitor texts sent by smartphone.
  • Text messages with ePHI to patients are not HIPAA-compliant and require proper patient consent and training.
  • Text messages with ePHI between healthcare workers are never permissible under HIPAA.


Texting Prevalence in Hospitals

  • 91% of pediatric hospitalist respondents use a smartphone regularly
  • 60% send work-related texts via their device
  • 61% receive work-related texts via their device
  • 12% receive work-related texts more than 10x per shift
  • 64% send the majority of their work-related texts to other pediatric hospital employees
  • 53% receive work-related texts even when they’re not working
  • 30% noted receiving PHI via text messages

Only 11% noted that the hospital or institution they work with offers some form of encrypted software for communication via texting. 

When Do HIPAA Violations Occur?

HIPAA violations can occur when:

  1. A device containing ePHI is stolen.
  2. A device containing ePHI isn’t disposed of properly.
  3. ePHI is intercepted or viewed by someone who isn’t authorized.
  4. The ePHI in question can’t be accessed by anyone who’s authorized.
  5. A Business Associate Agreement is not in place with vendors* through which text messages which may contain ePHI travel.

* BAAs are required with any vendor used for sending ePHI over text message, as long as that vendor is not a common carrier (e.g. a phone company like Verizon is a common carrier, Apple and EHR vendors are not).

In order to continue texting without having to worry about the protection of ePHI, healthcare organizations must invest in digital security.

Encryption software for networks and devices, encrypted passwords, registered devices, consistent best-practices training, and secure messaging programs are all options available through third-party HIPAA security experts.

Allowing texting without addressing compliance requirements practically guarantees a violation and could be considered “willful neglect.”


Comments are closed.

• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries