At least 67% of the global population uses text messaging. Encryption ensures that messages sent between providers and patients are scrambled into an unreadable format, making it impossible for anyone else, including the service provider, to read the contents of the message.
Text messaging is a viable healthcare communication solution due to its common use, but it can be tricky to apply due to the lack of security offered by standard text messaging solutions. A Journal of General Internal Medicine article offered the following, “..in 2016, the Joint Commission disallowed standard text messaging to convey patient information, citing the potential for privacy violations. Instead, it stipulated that healthcare organizations must use secure text messaging systems (STMS) with key features including a secure sign on process, encrypted messaging, and delivery and read receipts.”
One of the deficits found in text messaging is the lack of encryption. When healthcare providers and associated entities use HIPAA compliant text messaging to communicate protected health information (PHI), encryption acts like a secure envelope. This allows only the intended recipient with the correct "key" to open and read the message. This security measure protects against the risk of data breaches, cyber attacks, and unintended disclosures, which could occur if the information were intercepted during transmission.
Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a network. It can be applied to text messaging to secure the transmission of PHI. Using TLS can, however, add complexity and require additional configuration.
Asymmetric encryption, also known as public key encryption, uses a pair of keys, a public key for encryption and a private key for decryption. This method eliminates the need to securely share a single key between the sender and receiver. The potential downside is the slower encryption and decryption process compared to symmetric encryption.
Symmetric encryption is a type of encryption where the same key is used for encryption and decryption. It is a faster method compared to asymmetric encryption but requires a secure method to share the key between the sender and receiver. However, there is the risk of key compromise, which could lead to unauthorized access to PHI.
No, not all text messaging apps are suitable for communicating PHI.
PHI refers to any information in a medical record or other health-related information that can be used to identify an individual and that was created, used, or disclosed in the course of providing a healthcare service.
Yes, emails can be HIPAA compliant for sharing PHI if they are properly encrypted and secure, and if the email service provider enters into a BAA with the healthcare entity.