Is SMS Texting HIPAA Compliant?

Over the last 4 months I have given close to 200 demos of our secure messaging application, qliqConnect, to a variety of organizations, ranging from solo practices to large health systems... and just about everything in between. While our primary objective is to help healthcare professionals communicate securely and efficiently, there is no denying that the “SMS problem” is at the forefront of the compliance consciousness.

SMS Texting by Healthcare Professionals

The “SMS problem” is, of course, the widespread use of SMS-based texting by healthcare professionals to communicate sensitive protected health information (PHI). While this is not exactly a new problem, it is becoming clear that the heightening enforcement of HIPAA and HITECH privacy and security regulations by both the Office of Civil Rights (OCR) and state attorney general offices is forcing covered entities to take a much closer look at previously ignored gaps.

“Why isn’t SMS Texting HIPAA-compliant?”

Despite the explosive growth in organizations seeking a secure alternative to SMS, the question I am most frequently asked is, “Why isn’t SMS HIPAA-compliant?” On one level, it’s a good thing that so many organizations are getting the word and are beginning to explore alternative solutions. On another level, however, I think the general lack of understanding of SMS’ inherent limitations helps to perpetuate the belief by end users that it’s not as bad as people make it out to be. As one CIO lamented, “it’s pretty hard to convince the docs to stop texting when I can’t draw a clear picture for them why they shouldn’t.”

HIPAA Compliant SMS Texting

We couldn’t agree more, so we created this infographic in the hopes that users can understand why SMS - while great for exchanging recipes with your new BFF - might just not be the best way to exchange PHI.