Imprivata, the leader in healthcare IT security, surveyed 114 hospital IT decision makers to investigate the use of text messaging within healthcare. The study revealed an increasing awareness of the security risk of protected health information (PHI) within unsecured text messaging, and a trend to consider secure text messaging as a means to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations, improve care team communications and replace the pager technology that’s widely used in hospitals today. While at the time of writing the Office for Civil Rights (OCR) has not yet levied any fines for texting of PHI, there was a clear guidance given in the action against Phoenix Cardiac Surgery in which the resolution agreement included the direction that “Covered entities risk management plan must implement security measures sufficient to reduce risks and vulnerabilities to ePHI (electronic protected health information) to a reasonable and appropriate level for ePHI in text messages that are transmitted to or from or stored on a portable device”.

Key survey findings included

  • 64% of respondents classified themselves as very concerned over HIPAA compliance of sending PHI over text message
  • 72% believe pagers will be replaced by secure text messaging within 3 years
  • HIPAA compliance is the number one driver for secure text messaging followed by improved care team communication
  • Almost 50% of respondents believe texting will be used in their environment to communicate with patients within 12 months, increasing to almost 65% within 3 years

Analyst Report