Would facilities benefit from setting up a secure texting program for their providers?

"Yes,  and I’ll use email as an example," says Chris Apgar, CISSP, president and CEO of Apgar & Associates and former HIPAA compliance officer for Providence Health Plans.

"In 2003, when the CMS Security Rule was published in the Federal Register, encryption was an addressable standard. But email evolved to the point where the Office for Civil Rights (OCR) position became, “It’s a reasonable safeguard to encrypt that email; therefore, thou shalt.” So, they are enforcing encryption in email as though it’s a requirement in the Security Rule. We’re moving in the same direction with text messaging. If you were to ask me four or five years ago, “Is there something out there that can securely text PHI back and forth?” then I’d say, “There are, but they are so cumbersome that it’s like encrypting emails in 2003 when it wasn’t a mature technology. We’ve got to the point where secure texting is a secure technology. And even with CMS’ edicts around what you can and can’t do with texting, it’s getting to a point where there are sufficient tools on the market that are within a reasonable budget. We haven’t reached that point where OCR has made the announcement, 'If you’re going to text PHI, you need this product and we are going to enforce it.' But I think that the time should come where it will.

"I think all organizations should be looking at a texting platform. Because you’re not going to stop folks from doing it. If you have somebody with their own phone and they text someone else, you can’t police it because you’re not monitoring that phone. So, what’s a good way to address that? It’s to provide a tool that’s easy to use that they can make sure what they’re sending is secure."

Source: News and Analysis