Mobile communication by text messaging has become a cornerstone of communication for health care providers. Text messages are reliable, convenient, and efficient for connecting health care providers with each other and their patients.1,2 Unfortunately, there is a lack of consensus about how some of these forms of electronic communication may be used under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.3
Identifiable health information is legally protected by the Health Insurance Portability and Accountability Act under the Privacy and Security Rules, which require appropriate safeguards to protect health information; these rules set limits on disclosures that can be made of such information without patient authorization. A failure to follow these rules, or a breach of privacy, can result in significant penalties.4 Understandably, there are concerns regarding the potential for breach of text messages on personal mobile devices, and the U.S. Department of Health and Human Services offers little guidance on appropriate-use parameters.
Although text messaging is the most commonly used smartphone application, little is known about use patterns in health care.5 We sought to examine current knowledge about, and use of, text messaging by academic plastic surgeons to better understand this form of communication. After institutional review board approval, we performed a cross-sectional survey of the membership of the American Council of Academic Plastic Surgeons in August of 2017. The survey was sent twice to maximize participation rates.
A total of 66 responses were received. Most respondents were attending physicians at academic hospitals [n = 55 (84 percent)], were men [n = 48 (75 percent)], and had an average age of 52 years (range, 27 to 74 years). The majority of respondents (98 percent) stated that their institution required HIPAA compliance training, yet only 53 percent felt confident in their knowledge of HIPAA standards for text communication (Fig. 1). More than half of all respondents (56 percent) stated that text messaging of protected health information is prohibited by HIPAA; meanwhile, the majority of participants (58 percent) used it regardless.
Fortunately, text messaging of protected health information is not explicitly prohibited by HIPAA or the U.S. Department of Health and Human Services. The results of the survey demonstrate a strong preference for the use of text messaging (only 29 percent reported that texting was not their preferred means of communication at work). Given its ubiquitous use, more guidance would benefit the plastic surgery community regarding what safeguard standards should be taken.
We also identified a common misconception regarding prohibition of texting protected health information, which is worth clarifying for the physician community. HIPAA is considered “technology-neutral,” which means there is no one technology or application that is HIPAA approved or disapproved; any communication method that implements “appropriate” security measures to avoid a breach is compliant (e.g., strong passwords, encryption, remote deactivation).6 Although the goal of HIPAA is clearly to provide a safeguard in communicating protected health information, based on current interpretations of the guidelines, texting of protected health information is not explicitly prohibited.3 Until more guidance is provided and clearer guidelines are established, especially given the significant consequences of a breach and variations in interpretation,7 plastic surgeons need to be wary of respecting patient privacy while using electronic communication such as text messages in delivering patient care and should obtain patient consent prior to doing so.
None of the authors has a financial interest in any of the products or devices mentioned in this article.
Nishant Ganesh Kumar, M.D.Section of Plastic SurgeryDepartment of SurgeryUniversity of MichiganAnn Arbor, Mich.
Brian C. Drolet, M.D.Department of Plastic SurgeryDepartment of Biomedical InformaticsCenter for Biomedical Ethics and SocietyVanderbilt University Medical CenterNashville, Tenn.
Jeffrey Janis, M.D.Department of Plastic SurgeryDepartment of NeurosurgeryThe Ohio State UniversityColumbus, Ohio
1. Kuhlmann S, Ahlers-Schmidt CR, Steinberger E. TXT@WORK: Pediatric hospitalists and text messaging. Telemed J E Health 2014;20:647652.
2. McKnight R, Franko O. HIPAA compliance with mobile devices among ACGME programs. J Med Syst. 2016;40:129.
3. Drolet BC. Text messaging and protected health information: What is permitted? JAMA 2017;317:23692370.
5. Drolet BC, Marwaha JS, Hyatt B, Blazar PE, Lifchez SD. Electronic communication of protected health information: Privacy, security, and HIPAA compliance. J Hand Surg Am. 2017;42:411416.
6. Drolet BC. Security of text messaging in clinical care-reply. JAMA 2017;318:1396.
7. Choi BG, Intner SK. Security of text messaging in clinical care. JAMA 2017;318:1395.