SMSMessaging

From Clinfowiki
Jump to: navigation, search

SMS Messaging in Healthcare

Electronic messaging is also common among healthcare providers with an estimated 73% of physicians reporting they text colleagues about their work.[1] SMS and multimedia messaging service (MMS) compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) is debated. While the exact standards of HIPAA and the HITECH act are vague, many believe that SMS and MMS messaging does not meet these standards and several messaging applications have been developed to address this need.


HIPAA, HITECH, and Joint Commission Regulations

HIPAA was introduced into law in 1996 and included regulations on privacy of health information for delivery of care, medical billing, transmission of patient information, patient’s access to their health information, and research.[2] Contained with HIPAA are requirements is to “…assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality healthcare…"[3] This specifically becomes a concern for messaging when they include protected health information (PHI) such as but not limited to names, date elements associated with a patient, biometric identifiers, or any other unique identifying number, characteristic, or code.[4]


SMS use in Healthcare

A 2017 national anonymous survey of 409 hand surgeons found that 63% did not believe SMS messaging met HIPAA guidelines yet 63% of respondent reported using SMS messaging in their clinical work, with respondents age 50 or younger to be 1.59 times more likely to use SMS messaging.[5] An anonymous electronic survey of 678 medical training programs including 2427 respondents found that 47.1% of surgical specialists, 32.3% of obstetricians and gynecologists, 26.5% of internists, and 19.6% of pediatricians “often” or “routinely” sent SMS messages including PHI.[6] Multiple studies have identified inconvenience, lack of knowledge, and lack of access to alternatives as to why healthcare providers use SMS messaging to transmit PHI.[7][8][9]


Pro SMS and MMS Messaging in Healthcare

Some advocates argue that SMS and MMS messaging in healthcare is not explicitly forbidden by HIPAA or the HITECH act. Supporters of SMS use in healthcare note that while SMS and MMS messaging raises concern for data security short-range paging has routinely been used in the communication of patient PHI and shares many of the security concerns of messaging such as security of devices and risk of an unintended recipient or viewer. Advocates also suggest that useful clinical communication without transmission of PHI is possible by careful selection of data transmitted and use of unstated context clues; in this example excluding identifying biometrics from the photograph, not transmitting patient’s name, gender, age, or medical record number, and not specifically identifying the healthcare facility or patient location in the MMS message.[10] This deidentification is described as the “Safe Harbor Method” and proposes that PHI that has had all 18 forms of identifying information removed is no longer subject to the regulations imposed by HIPAA.[11]


Anti SMS and MMS Messaging in Healthcare

Many advocates, and field leaders of health administration and health systems, argue that SMS and MMS messaging is not consistent with HIPAA and recommend against its use in healthcare. One concern is that SMS and MMS messages are not encrypted as they are transmitted putting them at risk of being captured by a third party.[12] Additionally, because mobile phone carriers handle and retain SMS messages on their servers some argue that to meet HIPAA regulations a business associate agreement would be necessary which are not routinely included in person contracts. Critics also suggest that information deidentified to meet the standard of the "Safe Harbor Method" by definition would not be useful to individual patient care.[13] Also of note, the Joint Commission stated in their 2011 recommendations that “...it is not acceptable for physicians or licensed independent practitioners (LIPs) to text orders for patient care, treatment, or services to hospitals or other health care settings.”[14]


References

  1. Greene, A. H. (2012). HIPAA compliance for clinician texting. Journal of AHIMA, 83(4), 34-36.
  2. Annas, G. J. (2003). HIPAA regulations-a new era of medical-record privacy? New England Journal of Medicine, 348(15), 1486-1490.
  3. Services, D. o. H. a. H. (2003). Summary of the HIPAA privacy rule. Office for Civil Rights.
  4. Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: privacy, security, and HIPAA compliance. The Journal of hand surgery, 42(6), 411-416.
  5. Drolet, B. C. (2017). Text messaging and protected health information: what is permitted? Jama, 317(23), 2369-2370.
  6. McKnight, R., & Franko, O. (2016). HIPAA compliance with mobile devices among ACGME programs. Journal of medical systems, 40(5), 129.
  7. Drolet, B. C. (2017). Text messaging and protected health information: what is permitted? Jama, 317(23), 2369-2370.
  8. McKnight, R., & Franko, O. (2016). HIPAA compliance with mobile devices among ACGME programs. Journal of medical systems, 40(5), 129.
  9. Samora, J. B., Blazar, P. E., Lifchez, S. D., Bal, B. S., & Drolet, B. C. (2018). Mobile messaging communication in health care: rules, regulations, penalties, and safety of provider use. JBJS reviews, 6(3), e4.
  10. Samora, J. B., Blazar, P. E., Lifchez, S. D., Bal, B. S., & Drolet, B. C. (2018). Mobile messaging communication in health care: rules, regulations, penalties, and safety of provider use. JBJS reviews, 6(3), e4.
  11. Drolet, B. C. (2017). Text messaging and protected health information: what is permitted? Jama, 317(23), 2369-2370.
  12. Choi, B. G., & Intner, S. K. (2017). Security of text messaging in clinical care. Jama, 318(14), 1395-1395.
  13. Choi, B. G., & Intner, S. K. (2017). Security of text messaging in clinical care. Jama, 318(14), 1395-1395.
  14. Commission, J. (2016). Clarification: Use of Secure Text Messaging for Patient Care Orders Is Not Acceptable. Retrieved from https://www.jointcommission.org/assets/1/6/Clarification_Use_of_Secure_Text_Messaging.pdf

Submitted by Richard Silvera