Friday, August 12, 2011

Mobile Tech Replaces Pagers, Worries HIPAA

The cliche image of an off-duty doctor receiving an emergency page is a thing of the past. These days, many docs receive up-to-the-minute patient updates through text messages, sent unencrypted from the hospital. Obviously, there are a few problems here waiting to happen.

The e-mails are entered by the hospital employee, converted into a text message and sent to the physician's cellular phone. Physicians frequently request that more patient data is included in the message, such as the patient's name and room number, so the physician can look up the chart prior to returning the call. This system is frequently not encrypted, however, because of the extra expense to the hospital.
This revelation sent red flags up for HIPAA. Imagine their horror when it was learned that some hospital employees simply send these texts from personal cell phones, rather than through monitored hospital email systems.

The problems begin with the fact that this kind of communication, while expedient, is not protected by any level of security. This puts these kinds of communications in violation of the Security Standards, which "require Covered Entities to (1) ensure the confidentially, integrity and availability of the information; (2) protect against any reasonably anticipated threats or risks to the security or integrity of the information; and (3) protect against unauthorized uses or disclosures of the information." And this is just the start of the laundry list of violations.

The very fact that these communications take place on "high risk" items like cell phones and tablet computers furthers the issue. The National Institute of Standards and Technology increases the risk level for items likely to be lost, stolen, or compromised, and cell phones are right at the top of that list.

Is this just one more case of consumer technology surpassing medical technology? Perhaps, but it is still a significant issue that requires a little more thought.


Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at


  1. I want my medical record to remain private. It is disturbing to know that this can be accesed by a third party. Physicians should think twice before asking for sensitive information to be sent through unsecured platforms like text messages.

  2. Skysoft provides Computer Support, IT Management, and Cloud Management. From complete building cabling to complex software development.HIPAA experts