HIPAA May Disallow Sending Health Information Via Text
Mobile devises are becoming increasingly ingrained in our day-to-day lives. It’s not just about talking anymore; everything from apps to social networking to banking is quite literally at our fingertips.
But, when it comes to your health, the law may have fallen drastically behind the technology. The federal Health Insurance Portability and Accountability Act of 1996 made drastic changes to the rules protecting individually identifiable health information. In 2012, the confusion surrounding HIPAA and texting is making it unclear whether or not health care entities may legally send sensitive medical data via text.
Current Standards for Texting Unclear Under HIPAA
SMS technology, texting to most of us, existed when HIPAA privacy and security regulations were finalized. However, at the time it was not widely utilized in the U.S. According to CTIA, the wireless industry association, Americans sent 258.2 million texts a month in 2001; by 2006, that number had grown to 18.7 billion; at the end of 2011, an astounding 193.1 billion texts were being sent over American phone lines every month.
As implemented, HIPAA does not directly address sending protected health information via text messaging. Its general standards for the transmission of electronic protected health information require hospitals and other covered entities to implement policies and procedures that restrict access to, protect the integrity of and guard against unauthorized access to the data.
Do texts live up to this standard? Some experts argue that they do not. Whenever a text is sent, one or more copies are stored on the telecommunications server involved in the transmission; since practices regarding server storage of text messages have never been verified or standardized, it is not clear whether they could jeopardize protected information. There is an additional fear that text messages can be monitored or intercepted remotely relatively easily.
However, not everyone agrees that texting health information violates HIPAA standards. There has never been a documented breach of protected health information related to texting, and as yet the federal government has never investigated any HIPAA covered entity for texting protected health information. There are vendors currently marketing secure text messaging technology to HIPAA covered entities, but it is unclear whether this technology is in fact required to be in full compliance with regulations when sending health information via text.
Talk To a Health Care Attorney for More Information
Do HIPAA rules need be updated to directly address texting? Although just what updates would be appropriate remains open for debate, a clearer standard could certainly benefit practitioners who just want to protect patient privacy and stay in compliance.
If you are involved in the health care industry and have questions about HIPAA compliance, talk to a health care law attorney for more information.