Texting and HIPAA Violations

A recent survey indicates that over 73% of physicians use text messages to communicate with their staff or referring providers regarding patient care, and many doctors have also adopted the practice of texting directly with patients.  Often texting is the easiest, quickest form of communication for busy physicians, but SMS texting is not compliant with HIPAA security measures.

With health data security breaches on the rise, it’s important for medical practices to understand the risks of using SMS texting to discuss protected health information (PHI).

Risks of SMS texting PHI include:

Security breaches – More than 120 million patients have been affected by more than 1100 health data breaches since 2009.  In 2015 alone, 112 million Americans (almost 35% of the population) had health data compromised in a breach.  As credit card data becomes more secure, experts predict that healthcare data will become increasingly vulnerable to hacking and theft; a Reuters report recently found that medical information is now 10 times more valuable than a credit card number.

Higher IT administrative costs – Every instance of breached healthcare data requires costly mediation, which takes a heavy toll on individual organizations and the industry as a whole.  The average cost of a single breach is almost $4 million, up almost 25% since 2013.  These costs could include hiring an auditing company, providing ID theft protection services for affected patients, and fines levied by the HHS Office for Civil Rights (OCR).  A recent data breach study estimates that breaches cost the healthcare industry about $5.6 billion annually.

Fines – OCR launched Phase 2 of its HIPAA Audit Program in 2016.  Privacy and security breaches can result in fines of $100 to $50,000 to covered entities.  In 2014 HHS fined two NYC health systems $4.8 million for a highly publicized breach.

Reputation and patient trust – The old adage “there’s no such thing as bad publicity” does not apply in the healthcare industry.  Trust is the cornerstone of the patient/provider relationship, and bad press around HIPAA violations can be damaging to a hospital, health system or physician practice.

Termination by employer – If you’re employed and you failed to secure data, you could be found to be at fault in the audit process and risk losing your job.

Facilitating easy, effective, secure communication is central to the OhMD mission.  We’ve designed our platform to look and feel just like text messaging so that providers don’t need to choose between convenience and compliance, and we offer our basic texting functionality free of charge.  Questions about how OhMD would work in your practice?  Contact us.