I once worked in a medical practice where the doctor gave his personal cell phone number to everyone. Patients, supply and drug representatives, employees, all were able to contact the doctor directly. He was proficient with texting, so in addition to phone calls he got electronic text messages. Sometimes those messages were personal, but sometimes they were medical in nature. The stereotype that all physicians shun technology is changing as younger docs come onboard. Indeed, technologically savvy patients may shun physicians who don’t offer electronic access.
However, giving patients a doctor’s personal phone number can raise a number of warning flags. The one I want to address here is the risk involved with conducting medical discussions through a cell phone. Since a single violation for unsecured communication can result in a fine of $50,000, and repeated violations can lead to $1.5 million in fines in a single year, it is critical that practices take protective measures to secure patient communications.
Some sources say the practice of electronic messaging is OK if the patient initiates it because he is implicitly agreeing to a method of unsecured communication. My thought on that stance is that patients may not understand their rights to security, or realize that their phone is not as secure as they think it is. While there are obvious advantages to using texting as part of a fast, direct, and simplified form of healthcare communication and delivery, the traditional SMS (text) message is fundamentally flawed in terms of HIPAA compliance. Electronic messages containing protected health information (PHI) can be read by anyone, forwarded to anyone, and remain on the telecommunication provider’s server and the sender/receiver’s phones. Some smartphones are more secure than others, but recent news regarding NSA retrieving smartphone data has been a good reminder that very few systems are foolproof. Additionally, senders cannot confirm the recipient of the message. Studies have shown that 38 percent of people who text have sent a message to the wrong person, according to a blog post by Power Your Practice.