Sending PHI Over SMS

I recently was talking with a doctor who told me about a healthcare communications company called YouCall MD. The doctor liked many of the features that YouCall MD provided. He loved that they would answer your Live Calls, transcribe a message to you and send you that message by SMS. Well, he loved all of it except the part that YouCallMD was using insecure SMS messages to send protected health information (PHI).

I wrote about this before in my post called “Texting is Not HIPAA Secure.” I know that many doctors sit on all sides of this. I heard one doctor tell me, “They’re not going to throw us all in jail.” Other doctors won’t use SMS at all because of the HIPAA violations.

While a doctor probably won’t get thrown in jail for sending PHI over SMS, they could get large fines. I think this is an even greater risk when sending PHI over SMS becomes institutionalized through a service like YouCallMD. This isn’t a risk I’d want to take if I were a doctor.

Plus, the thing that baffles me is that there are a lot of secure text message services out there. Using these services would accomplish the same thing for the doctor and YouCall MD and they wouldn’t put a doctor or institution at risk for violating HIPAA. Soon the day will come when doctors can send SMS like messages on their phones in a secure way and they won’t have to worry about it. I just think it’s a big mistake for them to be using their phone’s default SMS.