[Skip to Content]
[Skip to Content Landing]
Comment & Response
October 10, 2017

Security of Text Messaging in Clinical Care—Reply

Author Affiliations
  • 1Department of Plastic Surgery, Vanderbilt University Medical Center, Nashville, Tennessee
JAMA. 2017;318(14):1396. doi:10.1001/jama.2017.12966

In Reply Dr Choi and Mr Intner raise several worthwhile considerations about text messaging security that highlight disparate interpretations of federal regulations but fail to show that SMS is explicitly prohibited by HIPAA.

Although secure messaging offers higher standards for information security, HIPAA is technology neutral and has no specific guidelines for security protocols. This neutrality, along with the “reasonably anticipated risk” standard, has allowed alphanumeric text pagers and fax machines, which are unencrypted and unsecure, to be the gold standard in health care telecommunication for decades. During that time, innumerable text pages and fax messages with protected health information have surely been lost, misdirected, or left unsecured, resulting in breaches. Yet little attention has been given to these unsecured communication forms. But now, with growing financial appeal and public attention, dozens of vendors have created a market for secure text messaging products. However, these products are not truly “HIPAA compliant” because there are no standards with which to comply.