I was recently having dinner with a physician client of mine and, as we were about to order, he received a text message. The on-call physician had texted him about a patient’s condition. After my client responded via text message, he put his phone face up on the table without clearing the screen. As I glanced down to pick up my menu, I couldn’t help but see the text conversation my client had had with the on-call physician. Luckily, the patient’s name had been in a previous message that was not visible on the screen. Had my client just violated the Health Insurance Portability and Accountability Act (HIPAA) by inadvertently allowing me to glimpse at the text message conversation?
Two of the key benefits of technology are efficiency and convenience. When a technology can enable physicians to provide patient care in a more efficient and convenient manner, it usually is a win–win situation. It is more efficient and convenient for a physician to receive a text message concerning a patient’s test results, glance at it, and then get back to seeing another patient who is in need of more imminent attention. The alternative would require the physician to physically go to the patient’s record to view the test results, which takes time and focus away from another patient who may be in need of more immediate assistance.
How about when two physicians are treating the same patient? One physician wants to report to the other about the patient’s test results, and the other physician is in clinic throughout the day. Rather than the first physician waiting on the phone for the other one to become available or paging the physician, he or she could convey the information via text message. If there is follow-up information or discussion required, then the parties can discuss that at a later convenient time.
As handy as text messaging may seem, allowing a physician to more easily handle a busy caseload, there are significant HIPAA concerns related to texting a patient’s protected health information.
Could Texting Violate HIPAA?
Under HIPAA, physicians are required to protect the privacy and security of a patient’s healthcare information. HIPAA allows healthcare providers to disclose a patient’s healthcare information for treatment, payment, operations, and other distinct purposes. However, HIPAA requires that healthcare providers maintain administrative, physical, and technical safeguards to protect this information. This safeguard requirement is what has many physicians’ attorneys worried that their clients are violating HIPAA on a regular basis.