As tempting as it might be for physicians to send and receive texts from patients, it is not a good idea unless certain safeguards are in place.
There even may be legal liability if texts reveal protected health information (PHI) that is confidential under the Health Insurance Portability and Accountability Act (HIPAA).
In fact, the Joint Commission specifically warns physicians that texting orders to hospitals is unacceptable. There is no way for the hospital to verify that the text is really from the doctor and no way to keep the original message in the medical record as required by HIPAA regulations. Although the warning is directed at texting orders, it calls attention to the problems with any text communications between doctors and their patients.
Main concerns
- Any information concerning patient care is required to be kept in the patient’s medical record for a certain period of time. This includes the patient’s description of symptoms, physician’s recommendations for treatment or referral information to and from another doctor. Doctors are also required to allow patients access to their records. None of this can be done with text messages.
- PHI may be revealed. The texting physician has no control over who actually receives and reads the message. Privacy can be seriously compromised, subjecting the texting physician to lawsuits as well as HIPAA violation fines.
- Texting mobile devices may be lost. The finder can access the text messages and obtain the PHI.
If doctors insist on texting patients, texting policies for the medical practice must be implemented
Texting has become so routine that physicians may not realize the importance of establishing policies to control patient exchanges through texting. The risks for litigation are great and safeguards must be implemented. Some suggestions include, but are not limited to:
- Having patients sign a consent form authorizing certain medical information to be sent through texting. The consent needs to be in the patient’s permanent file. The consent should specifically delineate the types of information the patient wants to exchange through texting as well as an agreement that if the patient’s phone number changes, the office will be notified immediately.
- Establishing an authentication procedure whereby patients verify they have received the text.
- A procedure needs to be in place that allows the messages to either be retained in the permanent medical record or be deleted according to a defined process.
- All devices used for transmission by the medical practice must be protected by passwords.
- Medical information transmitted by text must be encrypted.
- All devices used by the practice must be registered to the practice. If an employee who is authorized to use the device loses it, the practice must be immediately notified.
