Text “NO” to stop the HIPAA Violations

Doctors inappropriately using Text Message Reminders

See also:

• ePHI in Text Messages and Insecure Email: Does HIPAA allow Mutual Consent?
• To Text or Not To Text: Texting under HIPAA

I just got another text message reminder from my doctor about my upcoming appointment. The problem is I never asked for it and that’s a HIPPA violation. These text message reminders are PHI. My phone number identifies me and the information in the text where I have an appointment, with whom, when it is, that’s information about a future medical visit and that’s PHI, and HIPPA says that has to be protected. Unfortunately, a text message is not secure. It doesn’t authenticate and it really isn’t okay under HIPPA. It just really bothers me that this happens over and over again from different doctors, dentists, pharmaceutical providers, pharmacies, they’re all sending these notices and not really taking adequate protections. Some people do. Some people do it right.

In order to do it right they need to train me on the risks that I’m taking by accepting insecure communications. They have to give me some alternative, like secure email, secure text, secure fax, I mean something, and then if I don’t want to do that they have to let me sign an agreement saying that it’s okay and I accept the risks. That’s pretty rare. I almost never see all those steps taken and that means that most of our organizations are really not doing all they need to do to be compliant. I hope that you check out what your doctor’s doing and see if you’re being properly educated. If not, bring it up to them, because this is one of the things that’s easy to fix and they really should take the steps needed to do so.