Secure messaging for doctors means that physicians use an encrypted and secure smartphone app to exchange their patients’ health information with their colleagues. This means that the secure text messaging device used by the physician is compliant with the mandates of the Health Insurance Portability and Accountability Act (HIPAA).
The mandate for patient privacy was initially set into effect by Congress with its 1996 HIPAA law. The goal of the 1996 HIPAA law was to encourage healthcare to computerize patients’ medical records. As a result of this initial mandate, Congress saw that it needed to further clarify what patient information would be protected and how protection would be enforced.
With the later 2003 amendments, Congress defined protected health information (PHI) and instructed that PHI should only be disclosed if the patient permitted transmission. The institution of PHI ensured that any sort of secure messaging used by doctors focused on maintaining patient privacy and ensured its protection.
In the ensuing years, as smartphones became more popular among doctors, physicians came to use smartphones to exchange PHI. The Department of Health and Human Services realized that in order to protect PHI in these exchanges, secure messaging for doctors had to become mandatory. Until this time, doctors had primarily used pagers to exchange PHI and care-related messages. The healthcare establishment soon determined that exchange of patient information over pagers does not constitute HIPAA-compliant messaging.
The 2013 legislation enacted by Congress clarified the penalties tied to breach of patient information. Breach of patient information can result if HIPAA-secure messaging is not used. Failure by healthcare facilities to use HIPAA-compliant secure messaging for doctors and other healthcare employees could also result in a HIPAA fine.
By ensuring secure messaging for doctors and their colleagues, hospitals ensure the integrity of patient information and prevent its accidental exposure to those not authorized to access it. Indeed, HIPAA officials have cited health facilities for exchanging protected patient information that was neither encrypted nor password protected. If and when a HIPAA fine is instituted, the fine can reach several million dollars.