Dangers of Unsecure Texting

Posted June 14, 2013, Posted by Tracey Haas, DO, MPH, Co-founder and Chief Medical Officer of DocbookMD

Doctors do not plan ahead to violate HIPAA, but in this digital age, they may be doing it because they did not plan ahead.

Here is a common way physicians are breaking HIPAA/HITECH privacy and security rules, and may not even know it.

Texting PHI to members of your care team. It’s a simple scenario: you’ve just left the office, and your nurse texts you that Mr. Smith is having a reaction to the medication you’ve just prescribed. She has included his name and phone # in the text. You may know that texting PHI is not legal, but feel justified because it is a serious medical issue. Perhaps you even believe that deleting the text right away will protect you – and Mr. Smith.

In reality, this text message with PHI has just passed from your nurse’s phone, through her phone carrier, to your phone carrier, and then to you – four vulnerable points where this unencrypted message could either be intercepted or breached. In a secure messaging app, this type of message must be encrypted as it passes through all four points of contact. Ideally, both sender and recipient should be verified and have signed a business associate agreement (BAA).

All messages sent and received via the messaging app, DocbookMD are encrypted in this way to protect you from potential security breaches. All DocbookMD users must sign a BAA to verify they will do their part to comply with HIPAA.

For more information, visit ONC’s official site for mobile devices and HIPAA.

Leave a Reply

You must be logged in to post a comment.

Back to top