Telcoms Store SMS Text Message Details – Not HIPAA Compliant

Posted on June 27, 2012 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As an extension to my previous post called “Texting is Not HIPAA Secure” I wanted to point out some data that Wired posted about Telcom’s SMS message retention policies.

The information was found in a Department of Justice document and I believe is a good illustration for why PHI should not be sent through traditional SMS text messaging. Here’s the chart that wired created showing the major Telcom providers record retention policies:

The top 2 sections are the most important when it comes to secure text messaging. Last I checked, the telcom servers weren’t HIPAA secure. Not to mention, I can’t say I’ve seen a Telcom provider sign a business associate agreement with a healthcare provider. Neither of things are likely to ever happen.

The challenge is that text message is so valuable in healthcare. It’s such a simple and flexible way to communicate between doctors, nurses, staff, HIM, etc etc etc. This is why I predict over the next year we’re going to see a huge uptick in adoption of secure text messaging by third parties. The technology is there. We just need wider spread adoption of it in healthcare.