Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance

Brian C Drolet; Jayson S Marwaha; Brad Hyatt; Phillip E Blazar; Scott D Lifchez

doi:10.1016/j.jhsa.2017.03.023

Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance

J Hand Surg Am. 2017 Jun;42(6):411-416. doi: 10.1016/j.jhsa.2017.03.023.

Authors

Brian C Drolet¹, Jayson S Marwaha², Brad Hyatt³, Phillip E Blazar⁴, Scott D Lifchez⁵

Affiliations

¹ Department of Plastic Surgery, Department of Biomedical Informatics, Center for Biomedical Ethics and Society, Vanderbilt University Medical Center, Nashville, TN. Electronic address: brian.c.drolet@gmail.com.
² Warren Alpert Medical School of Brown University, Providence, RI.
³ Department of Orthopedic Surgery, San Antonio Military Medical Center, San Antonio, TX.
⁴ Department of Orthopedic Surgery, Brigham and Women's Hospital, Boston, MA.
⁵ Department of Plastic and Reconstructive Surgery, Johns Hopkins Medicine, Baltimore, MD.

PMID: 28578767
DOI: 10.1016/j.jhsa.2017.03.023

Abstract

Purpose: Technology has enhanced modern health care delivery, particularly through accessibility to health information and ease of communication with tools like mobile device messaging (texting). However, text messaging has created new risks for breach of protected health information (PHI). In the current study, we sought to evaluate hand surgeons' knowledge and compliance with privacy and security standards for electronic communication by text message.

Methods: A cross-sectional survey of the American Society for Surgery of the Hand membership was conducted in March and April 2016. Descriptive and inferential statistical analyses were performed of composite results as well as relevant subgroup analyses.

Results: A total of 409 responses were obtained (11% response rate). Although 63% of surgeons reported that they believe that text messaging does not meet Health Insurance Portability and Accountability Act of 1996 security standards, only 37% reported they do not use text messages to communicate PHI. Younger surgeons and respondents who believed that their texting was compliant were statistically significantly more like to report messaging of PHI (odds ratio, 1.59 and 1.22, respectively).

Discussion: A majority of hand surgeons in this study reported the use of text messaging to communicate PHI. Of note, neither the Health Insurance Portability and Accountability Act of 1996 statute nor US Department of Health and Human Services specifically prohibits this form of electronic communication. To be compliant, surgeons, practices, and institutions need to take reasonable security precautions to prevent breach of privacy with electronic communication.

Clinical relevance: Communication of clinical information by text message is not prohibited under Health Insurance Portability and Accountability Act of 1996, but surgeons should use appropriate safeguards to prevent breach when using this form of communication.

Keywords: Electronic communication; HIPAA; ethics; professionalism; protected health information.