HHS has identified five steps to help organizations manage mobile devices in a health care setting:
- Decide whether mobile devices will be used to access, receive, transmit, or store patients’ health information or will only be used as part of your organization’s internal networks or systems (e.g., your EHR system);
- Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information that your organization holds;
- Identify your organization’s mobile device risk management strategy, including privacy and security safeguards;
- Develop, document, and implement the organization’s mobile device policies and procedures to safeguard health information; and
- Conduct mobile device privacy and security awareness and training for providers and professionals.
Keep in mind that HHS does not require specific technology solutions, but rather allows covered entities to determine what is reasonable and appropriate for their individual organization. The following are only some of the measures that may be used to protect PHI sent via text messaging:
- Automatic Logoff;
- Passcode protection;
- Registration of devices; and
- Secure disposal of devices.
TigerText, one of the leaders of “secure messaging” in health care environments, is now used in over 3,000 facilities. The company’s website touts that since implementing the use of its app, Carvajal Pharmacy is filling prescriptions 50% more quickly, and Wellcon is seeing 15 more patients per shift. With statistics like these, it is hard to deny the benefits that texting can provide. Still, providers and staff must understand the risks involved and strictly adhere to a set compliance policy. A text can be sent in an instant, but the potential damage associated with the release of information that it contain can last much longer.
McBrayer, McGinnis, Leslie & Kirkland, PLLC