The information was found in a Department of Justice document and I believe is a good illustration for why PHI should not be sent through traditional SMS text messaging. Here’s the chart that wired created showing the major Telcom providers record retention policies:
The top 2 sections are the most important when it comes to secure text messaging. Last I checked, the telcom servers weren’t HIPAA secure. Not to mention, I can’t say I’ve seen a Telcom provider sign a business associate agreement with a healthcare provider. Neither of things are likely to ever happen.
The challenge is that text message is so valuable in healthcare. It’s such a simple and flexible way to communicate between doctors, nurses, staff, HIM, etc etc etc. This is why I predict over the next year we’re going to see a huge uptick in adoption of secure text messaging by third parties. The technology is there. We just need wider spread adoption of it in healthcare.