When messaging your patients through email or text, when do you need encrypted messaging? Educational articles and information you might include on your website and share via email newsletters does not need to be secure – as long as it doesn’t contain any protected health information (PHI). PHI is protected by HIPAA. HIPAA mandates that communications containing PHI must be safe and secure via encrypted messaging.
This post corresponds to our latest podcast episode of “Russ and Randy” – a podcast on Healthcare and Medical Internet Marketing. We hope you like “When Encrypted Messaging is Necessary.” You can find us on iTunes …and now, ReachMD.com!
Russ and I recently published an episode supporting the use of email as the best way to communicate with your “potential” patients. We failed to draw a distinction between the educational articles you might be sharing via email/email newsletters versus protected health information (PHI).
PHI is protected by HIPAA and can not be shared via non-secure or non-encrypted channels.
Neither of us are attorneys. We are not offering legal advice in this episode, but we are simply highlighting some potential pitfalls and talking points when considering encrypted messaging.
Personal Health Information
A patient’s personal health information is protected by HIPAA and is termed protected health information (PHI). Personal health information is any information which can uniquely identify an individual, such as; name, address, phone number, medical record number, etc. Here is a complete listing of the 18 identifiers considered to be PHI.
Any communication containing these identifiers should be transmitted via encrypted messaging.
What Does Not Need to be Secure
Your educational articles on your website and those highlighted in an email newsletter do not contain (or should not contain) PHI and, therefore, do not need to be secure.
We are HUGE advocates of publishing educational content for marketing purposes. Your content (articles, videos, podcasts, etc.) should be limited to teaching and will not contain personal information of patients such as names or other personal identifiers.
For example, an article about the “Top 10 Causes of Headache” needn’t be encrypted if the article does not contain any personal health information.
Encrypted Messaging | Texts and Emails
Email and text messaging containing personal health information needs to be encrypted. If a patient chooses to discuss his or her specific case with you via email, it should be encrypted.
Messaging patients has become a real and convenient alternative to phone calls and is becoming more popular.
We talk about two HIPAA compliant platforms, but we are not recommending either Virtru (email) or Signal (text) for your use. We mention because we have some experience with the two platforms and it gives you a starting point for your research.
Pitfalls to Consider
There are additional considerations to secure messaging other than simply choosing an encryption platform which meets HIPAA standards.
Here are some talking points;
- Hassle factor – Most programs, portals or apps require the users (you AND your patient) to perform additional steps to use the platform, such as the drudgery of logging into another window, e.g. patient portals.
- Archived records – is the text or email necessarily recorded and, if so, can it be retrieved?
- Learning Curve – adds to the hassle factor. New programs need to be downloaded and installed. Not always that easy.
- Legal Issues – simply using a HIPAA compliant method of messaging does not necessarily put you in the clear. If you are transmitting your information to a 3rd party, you may need a BAA, a HIPPA compliant business associate agreement.
Clearly, there many advantages to communicating with individual patients about their health issues. Consult your attorney to insure you are acting compliantly. Also, while you may be motivated and sophisticated enough to employ proper encryption techniques and practices…your patients may not.
See you next week!
Find “Russ and Randy” on iTunes!
If you have questions or concerns, please leave a comment here.
Please find us on iTunes and subscribe to either the podcast or here to receive our latest episodes. Thanks for listening. See you next week!
All the best!
Healthcare and Medical Internet Marketing
Healthcare’s Rx for Web and Social