As communication portals rapidly grow, text messaging proves to be a faster means of send and receive mechanism for physician-patient correspondence.
Physicians are finding text messaging more convenient and efficient than emails when communicating with their patients and colleagues. As communication portals rapidly grow, text messaging proves to be a faster means of send and receive mechanism for physician-patient correspondence. However, text messaging can present major legal issues when haplessly used. In fact, many physicians do not consider the information they send as part of the medical records and may therefore be a security risk and violation against the patience privacy of information.
Include texts in the record
When corresponding with patients through text, information sent, including information pertaining to diagnosis or treatment, would be considered protected health information (PHI), and should be included in that patients medical records. Just as a letter from the patient containing similar data is recorded, so must this type of communication.
If the text message contains PHI, make sure it is in no violation of laws governing PHI, including and especially the Health Insurance Portability and Accountability Act (HIPAA). Be aware of the period of time allowed for the text message to be retained, allowable access of patients to amend and see the message, and signing into Business Associate Agreements with vendors. Deleting text messages is not as simple as you would other personal text messages as it could violate certain laws. Furthermore, it could be a disadvantage ever you find yourself in a lawsuit for malpractice when you and the patient do not have copies of the messages.
What would be the security risks surrounding text messages? There are plenty to name, but probably one the major risks would be information breaches that could result to misuse of information. For example, if your device is stolen or lost, unencrypted messages could be easily accessed by a malicious user. The Joint Commission expressed that texting orders for a patient at hospitals is not acceptable as validation of those orders could not be verified. Moreover there is the issue of verifying the identity of the person who sent the text and the text messages could be deleted to disallow confirmation of what is entered into the medical records.
Creating message policies
As much as it is convenient, text messaging poses more risks of security breach than we ought it should. The best way to avoid legal charges is to simply dismiss text messaging and opt for more secure communication portals. However, when completely necessary, you can correspond via text messages but make sure to apply security protection to avoid any unwanted liabilities.
It is advisable to create standard policies to apply to text messaging, to which you may resolve that the messages only contain certain non-urgent information. You may also setup a verification system to make ensure of the identity of the person receiving the text. Have the text messages audited, monitored, accessible, and most importantly make sure that the device is password protected and encrypted.
Other criteria for consideration could be:
- The text messages that relate to patient treatment should always be incorporated into the medical record and then deleted from the mobile device.
- The text messages retained or deleted, should follow defined protocols.
- When a device will be discarded or replaced, make sure the messages are deleted.
- The devices used are should be “registered” with the practice so that in case the device is lost or stolen, the practice can be immediately notified.
- Always inform the patients about text messaging and obtain their consents, or where there is lack of consent, include the case in each patient’s medical record.
- The consent may include the kinds of information the text messages will include, who will have access to the phone on the receiving end, and that once texts are read by the patient they will be deleted. Also include that when a patient changes numbers, they should notify the practice in written communication.
Have questions about electronic messaging in your medical practice? Call your team of medical IT experts at Integris today. We can help you make sense of all the confusion with email, text messaging and other forms of online communication. Call (888) 330-8808 or email us at [email protected].