To a physician, a simple text message does not appear like it could possibly jeopardize these safeguards, but this perception is incorrect. For starters, it is difficult to be sure that there is no one in eyeshot of your phone screen. If a physician is at a busy restaurant and a text message comes in containing patient information, the physician may not be the only one seeing the text message. This has HIPAA implications because the physician has compromised the privacy of the patient’s healthcare information. The damage is done once an unauthorized person views the patient’s healthcare information.
Use the same physician as an example again, but this time the physician is alone at home, and there are no onlookers who could catch a glimpse of the patient’s healthcare information. This scenario appears to be safe, but a text message is stored on different servers, not just on the phones of the sender and receiver. If a hacker were to break into one of these servers and obtain those texts, this would constitute a security breach under HIPAA. It does not matter that the hacker had no intention of obtaining a patient’s health information and did not even know what he or she was getting. It is, nevertheless, a HIPAA violation.
Take that same physician again, but this time the physician leaves his or her cell phone, which contains a text message with a patient’s healthcare information, at a restaurant. Someone picks up the cell phone and, in an effort to determine the phone’s owner, sees the text message that contained a patient’s healthcare information. Even though that individual had no intention of viewing the patient’s healthcare information, it is still a HIPAA violation, because an unauthorized person viewed the patient’s personal healthcare information.
Preventing HIPAA Violations
Although there may not be a HIPAA violation until a patient’s healthcare information is actually intercepted, the threat of a violation is very real. The threat of a HIPAA violation remains with every text message regarding a patient that a physician sends or receives. It is advisable for physicians to password-protect their cell phones. It is even better if the cell phone software requires the password to be changed on a regular basis. Although passwords may help prevent some security breaches, a password may be nothing more than a minor inconvenience that can be circumvented by a hacker. There are also software programs and applications that can be downloaded that encrypt and decrypt messages. Some of these apps can send messages via a secure server. However, most physicians are not currently employing these apps, and those who do find them cumbersome to use. Even those programs that advertise that they provide a secure network to transmit protected information may not be “HIPAA proof.”
