I’ve written regularly about the need to move to HIPAA compliant text messaging, because Texting (SMS) is NOT HIPAA Secure. To add to that, I recently wrote a post on EMR and EHR about Why Secure Text Messaging is Better than SMS. I throw out the whole “fear of HIPAA” component and paint a picture for why every organization should be moving to a secure text message solution instead of using SMS.
While I think a business case can be made for secure text messaging in healthcare over SMS without using HIPAA, the HIPAA implications are important as well. In fact, imprivata has put out The CIO’s Guide to HIPAA Compliant Text Messaging where they make a good case for why HIPAA compliant text messaging is important and how to get there.
The whitepaper suggests that you have to start with Policy, then choose a Product, and then put it into Practice. Sounds like pretty much every health IT project, no? However, the guide also offers a series of really great checklists that can help you make sure you’re covering all of your bases when it comes to implementing a secure text message strategy.
Of course, the biggest challenge to all of this is that everyone is so busy with MU stage 2 and ICD-10. However, when the HIPAA auditors come knocking, I wouldn’t want to be an organization without a secure text message solution. The best way to battle non-HIPAA compliant SMS messaging in your organization is to provide them an alternative.
Full Disclosure: I’m an adviser to HIPAA compliant messaging company docBeat.