maharlika

asked on

HIPAA compliant text messages

I'd like to know if anyone has used HIPAA compliant software to send text messages from email/Outlook to cell phones of clinicians--may contain patient information, so it would have to be HIPAA compliant.
aleghart

If it contains PHI, I don't see how SMS to cell phones can ever be HIPAA compliant.  The messages aren't encrypted.  You don't have an audit trail.  No verification that the data was received, opened, or by whom, and how many times.  No clinician would voluntarily give you cell phone logs (bills) to help with any of this auditing.

You still have the problem of verifying sender and recipient.  The recipient is just a cell phone number on a common wireless carrier.  It can be intercepted as plaintext at many points along the way.

I've seen "secure SMS" marketed, but it uses SMS channel for text transmission, then client software on the phone for decrypting.  Seems like a bit of a kludge considering the size limit of SMS.  Encryption would typically increase the size of the transmission for the same size message.

At the point of running software on a cell phone, the next logical step would be to use encrypted email accounts on a smart phone.  Then, there is still one primary mode of communications...secure mail that is collected at the handset, home desk, or roaming location via secure channel...but still one Inbox.