Texting Patients Is OK Under HIPAA, as long as you …

OCR Director Severino Makes Policy from the Podium Speaking at the HIMSS health IT conference in Las Vegas on Tuesday, Roger Severino, Director of the US Department of Health and Human Services Office for Civil Rights (OCR), the HIPAA enforcement agency, said that health care providers may share Protected Health Information (PHI) with patients through standard text messages. Providers must first warn their patients that texting is not secure, gain the patients’ authorization, and document the patients’ consent. In 2013, the HIPAA Omnibus Final Rule allowed healthcare providers to communicate Electronic Protected Health Information (ePHI) with patients through unencrypted e-mail, if the provider informs the patient that their e-mail service is not secure, gains the patient’s authorization to accept the risk, and documents the patient’s consent. A HIMSS audience member asked Severino why the OCR hasn’t issued similar guidance for text messaging with patients. “I don’t see a difference,” Severino said. “I think it’s empowering the patient, making sure that their data is as accessible as possible in the way they want to receive it, and that’s what we want to do.” “Wow! That’s a big change,” said Tom Leary, Vice President of Government Relations for HIMSS. “That’s wonderful. Actually, the physician community has been clamoring for clarification on that for several years now. Our physician community will be very support...
Source: EMR and HIPAA - Category: Information Technology Authors: Tags: Healthcare AI HealthCare IT HIPAA HIPAA General HIPAA News HIMSS HIMSS 2018 HIMSS18 OCR Rule Roger Severino Tom Leary Source Type: blogs