In Reply Dr Choi and Mr Intner raise several worthwhile considerations about text messaging security that highlight disparate interpretations of federal regulations but fail to show that SMS is explicitly prohibited by HIPAA.
Although secure messaging offers higher standards for information security, HIPAA is technology neutral and has no specific guidelines for security protocols. This neutrality, along with the “reasonably anticipated risk” standard, has allowed alphanumeric text pagers and fax machines, which are unencrypted and unsecure, to be the gold standard in health care telecommunication for decades. During that time, innumerable text pages and fax messages with protected health information have surely been lost, misdirected, or left unsecured, resulting in breaches. Yet little attention has been given to these unsecured communication forms. But now, with growing financial appeal and public attention, dozens of vendors have created a market for secure text messaging products. However, these products are not truly “HIPAA compliant” because there are no standards with which to comply.
Drolet BC. Security of Text Messaging in Clinical Care—Reply. JAMA. 2017;318(14):1396. doi:10.1001/jama.2017.12966