Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- Workplace Violence
- Assisted Living Facilities
- Department of Health and Human Services' Office of Civil Rights
- Medical Residents
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- Medical Spas
- medical billing
- No Surprises Act
- Mandatory vaccination policies
- Workplace health
- Coronavirus Aid, Relief and Economic Security Act
- Code Enforcement
- Department of Labor ("DOL")
- Employment Law
- FFCRA
- CARES Act
- Nursing Home Reform Act
- Acute Care Beds
- Clinical Support
- Coronavirus
- COVID-19
- Emergency Medical Services
- Emergency Preparedness
- Families First Coronavirus Response Act
- Family and Medical Leave Act (“FMLA”)
- KBML
- medication assisted therapy
- SB 150
- Department of Health and Human Services
- Legislative Developments
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Opioid Epidemic
- Sexual Harassment
- Health Resource and Services Administration
- House Bill 333
- Litigation
- Medical Malpractice
- Senate Bill 79
- Locum Tenens
- Senate Bill 4
- Physician Prescribing Authority
- Chronic Pain Management
- HIPAA
- Prescription Drugs
- "Two Midnights Rule"
- 340B Program
- Drug Screening
- EHR Systems
- Electronic Health Records (“EHR")
- Hospice
- ICD-10
- Kentucky minimum wage
- Minimum wage
- Primary Care Physicians ("PCPs")
- Skilled Nursing Facilities (“SNFs”)
- Uncategorized
- Urinalysis
- Affordable Insurance Exchanges
- Compliance
- Department of Health and Human Services (HHS)
- Federally Qualified Health Centers (“FQHCs”)
- Fraud
- Health Care Fraud
- HIPAA Risk Assessment
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Pharmacists
- Physician Assistants
- Qui Tam
- Rural Health Centers (“RHCs”)
- Stark Laws
- Telehealth
- Accountable Care Organizations (“ACO”)
- Affordable Care Act
- Alternative Payment Models
- Anti-Kickback Statute
- Centers for Medicare & Medicaid Services (“CMS”)
- Certificate of Need ("CON")
- Charitable Hospitals
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Fee for Service
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Kentucky Board of Nursing
- Limited Services Clinics
- Medicaid
- Medical Staff By-Laws
- Medically Underserved Area ("MUA")
- Medicare
- Mid-Level Practitioners
- Part D
- Patient Protection and Affordable Care Act (“ACA”)
- Rural Health Clinic
- American Telemedicine Association (“ATA”)
- Criminal Division of the Department of Justice (“DOJ”)
- Health Care Fraud Prevention and Enforcement Action Team (“HEAT”)
- Hydrocodone
- Kentucky Pharmacists Association
- Qualified Health Care Centers (“FQHC”)
- Telemedicine
- United States ex. Rel. Kane v. Continuum Health Partners
- Webinar
- Agreed Order
- APRNs
- Chain and Organization System (“PECOS”)
- Douglas v. Independent Living Center of Southern California
- Drug Enforcement Agency ("DEA")
- Emergency Rooms
- Enrollment
- Hinchy v. Walgreen Co.
- Jimmo v. Sebelius
- Kentucky Senate Bill 7
- Maintenance Standard
- Medicare Part D
- Minors
- Overpayments
- Re-validation
- Texting
- Vitas Innovative Hospice Care
- 2014 Medicare Physician Fee Schedule (“PFS”)
- 501(c)(3)
- All-Payer Claims Database ("APCD")
- Appeal
- Cadillac tax
- Centers for Disease Control and Prevention
- Chiropractic services
- Chronic Care Management
- Clinical Laboratory Improvement Amendments of 1988 (“CLIA”)
- Compliance Officer
- Compounding
- CPR
- Dispenser
- Drug Quality and Security Act (“DQSA”)
- Essential Health Benefits
- Federation of State Medical Boards (“FSMB”)
- Food and Drug Administratio
- HealthCare.gov
- House Bill 3204
- ICD-9
- Individual mandate
- Kentucky Medical Practice Act
- Kindred v. Cherolis
- Kynect
- Long-term care communities
- Mobile medical applications ("apps")
- Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”)
- National Drug Code ("NDC")
- National Institutes of Health
- New England Compounding Center ("NECC")
- Ophthalmological services
- Outsourcing facility
- Physician Compare website
- Ping v. Beverly Enterprises
- Power of Attorney ("POA")
- Prescriber
- Social Media
- Spousal coverage
- State Health Plan
- Sustainable Growth Rate (“SGR”)
- UPS
- "Plan of Correction"
- Advanced Practice Registered Nurses
- Affinity Health Plan
- Arbitration
- Audit
- Call Coverage
- Community health needs assessment (“CHNA”)
- Condition of Participation ("CoP")
- Daycare centers
- Decertification
- Denied Claims
- Department of Medicaid Services’ (“DMS”)
- Division of Regulated Child Care
- Doe v. Guthrie Clinic
- EHR vendor
- Employer Group Health Plans
- Employer Mandate
- ERISA
- Fair Labor Standards Act (FLSA)
- False Billings
- Form 4720
- Grace Period
- Group Purchasing Organizations ("GPO")
- Health Professional Shortage Areas (“HPSA”)
- Health Reform
- Home Health Prospective Payment System
- Home Medical Equipment Providers
- Hospitalists
- House Bill 104
- Inpatient Care
- Intermediate Sanctions Agreement
- Kentucky Health Benefit Exchange
- Kentucky House Bill 217
- Licensed practical nurses (LPN)
- Licensure Requirements
- List of Excluded Individuals and Entities
- LLC v. Sutter
- Long-Term Care Providers ("LTC")
- Low-utilization payment adjustment ("LUPA")
- Meaningful use incentives
- Medicare Administrative Coordinators
- Medicare Benefit Policy Manual
- Medicare Shared Saving Program (MSSP)
- Network provider agreement
- Nonprofit hospitals
- Nonroutine medical supplies conversion factor (“NRS”)
- Nurse practitioners (NP)
- Office of the National Coordinator for Health Information Technology (“ONC”)
- Part A
- Part B
- Patient Privacy
- Payors
- Personal Service Entities
- Physician Payments
- Physician Recruitment
- Physician shortages
- Provider Self Disclosure Protocol
- Qualified Health Plan ("QHP")
- Quality reporting
- Registered nurses (RN)
- Residency Programs
- Self-Disclosure Protocol
- Statement of Deficiency ("SOD")
- Trade Association Group Coverage
- Upcoding
- “Superuser”
- Autism/ASD
- Business Associate Agreements
- Business Associates
- Center for Disease Control
- Compliance Programs
- Critical Access Hospitals (“CAHs”)
- Essential Health Benefits (“EHBs”)
- Genetic Information Nondiscrimination Act ("GINA")
- Healthcare Information and Management Systems Society (HIMSS)
- Kentucky House Bill 159
- Kentucky Primary Care Centers (“PCCs”)
- Managed Care Organizations (“MCOs”)
- Medicare Audit Improvement Act of 2012
- Patient Autonomy
- Personal Health Information
- Recovery Audit Contractors (“RAC”)
- Senate Bill 39
- Senate Finance Committee Report
- Small Business Health Options Program (“SHOP”)
- State Medicaid Expansion
- Sunshine Act
- Abuse and Waste
- Consumer Operated and Oriented Plan programs (“CO-OPS”)
- Free Conference Committee Report
- Health Care Fraud and Abuse Control Program
- House Bill 1
- House Bill 4
- Kentucky Cabinet for Health and Family Services
- Kentucky Health Care Co-Op
- Kentucky Health Cooperative (“KYHC”)
- Kentucky “Pill Mill Bill”
- Occupational Safety and Health Administration (“OSHA”)
- Pain Management Facilities
- Employee Agreement
- Health Care Law
- Health Insurance
- Healthcare Regulation
McBrayer Blogs
THE “WILD WILD WEST” OF SMS
SMS text messaging is quickly becoming the preferred method of communication for many people who find it a quick and convenient way to share information with friends, family and, increasingly, with colleagues. This is true in the health care space as well with patients increasingly using text messaging to communicate with providers and to receive health-related reminders and updates, including for health care appointments, medication therapies and health news. For example, anyone can text the word HEALTH to 87000 and begin receiving text messages from the Center for Disease Control regarding emergency alerts, new research and reports, as well as health information and tips.
On the provider side, the use of mobile technologies in both public and private sector healthcare has become a part of everyday business. According to SpyGlass consulting group, ninety-four percent of all physicians use a smartphone at work, and there is a growing practice of using text messaging to communicate health and patient case-related information, including in some instances electronic personal health information (ePHI), between doctors and staff. SMS text messaging is fast, simple and convenient, speeding up the delivery of information and theoretically improving patient care.
So what’s the problem with text messaging in health care? Why don’t hospitals, pharmacies and other health care providers simply issue SMS text-enabled devices to physicians, pharmacists and other health care providers to go forth and improve health care with better access to critical information?
The reason is that, generally speaking, text messages sent through commercial data carriers are not encrypted and do not provide the level of security required to prevent unauthorized disclosure of ePHI. Also, for health care providers that do implement and use secure text messaging technologies to encrypt the message itself, there remains a concern regarding the security of the device on the receiving end. Is the receiving device password protected? Is the receiving device lost or stolen? What if the receiving device is an iPhone® and even with password protection, the message displays on the screen for anyone holding (or stealing) the phone to see?
According to the Healthcare Information and Management Systems Society (HIMSS), over half of ePHI breaches are the result of theft, loss or misuse of mobile devices. Due to the lack of security typically available for SMS text messaging, providers should avoid using text messages to communicate ePHI, including any individually identifying patient information, even to patients and other providers, unless messaging technology is in place to ensure the security of the message in transmission, and prevent the unauthorized disclosure of the ePHI from the recipient’s mobile device. At the same time, it makes sense that providers should be encouraged to take advantage of the benefits of text messaging for communications involving non-identifying health information, if the organization implements safeguards to protect patient privacy.
In the event an organization determines to permit the use of text messaging for non-identifying patient information, the following is a high-level checklist to help protect the organization and its patients from unauthorized uses of sensitive information:
1) Institute a clear and concise policy that identifies limitations on message content, when the use of text messaging is appropriate and any other limitations.
2) Train providers and staff on the organization’s policies regarding the use of text messaging in the workplace, and specifically, with respect to patient care.
3) Passwords and encryption are important ways to prevent misuse and abuse. Even for an organization that does not permit text messaging ePHI, requiring personnel to establish device passwords and to use encrypted transmissions when available will help to reduce unauthorized use of their devices and reduce incidence of losing or disclosing sensitive information.
4) Retention periods and deletion requirements for text messages should be identified. Text messages may represent an important record of what happened and when, but may be subject to the uncertain retention policies of a commercial data carrier, depending on the technology being used.
5) Work with counsel to ensure the organization has appropriate and effective patient-facing policies and procedures in place to communicate to patients how the organization uses text messages to communicate and in some cases offering patients an opportunity to “opt-in” and/or “opt-out” of such communications.
Communicating by text message is woven into the landscape of health care and offers many benefits, and risks, relative to other communication technologies. The pervasiveness of SMS texting makes it impossible to ignore. The balancing act between privacy and convenience can be managed to improve quality of care and patient access. Understanding available technology, maintaining clear policies regarding when and how text messaging may be used in your organization and routine education for personnel are the keys to harnessing this effective and popular communication tool for your organization.
Services may be performed by others.
This article does not constitute legal advice.
