As providers, we are being asked to improve our communications with each other and family members about the patients we serve in common as they move from one care setting to another. Are there any legal issues we should be aware of as we seek to increase both the degree and timeliness of our contacts with others on our patients’ care teams?
Two issues have arisen in connection with communications in these situations.
First, as a covered entity under HIPAA, you must give your patients or their representatives the opportunity to restrict the disclosure of protected health information to named individuals. Patients are permitted to include other providers in their restrictions, even for treatment purposes. Patients also often ask that their protected health information not be provided to certain family members whose role in assisting patients through care transitions can be crucial. That said, as the patient’s physician, you are not obligated to consent to a restriction request, especially when it pertains to treatment purposes (as opposed to payment or health care operation purposes). We suggest that you ask patients who request such restrictions why they want them, and tell them that you may, under HIPAA, refuse to honor their requests. It is recommended that you explain your reasons for a refusal.
Second, once you are ready to start communicating with a family member involved with the patient’s care, you should ask how s/he wishes to hear from you. Text messaging may be the family member’s first choice. If it is and you are willing to communicate with him or her in that manner, you must first obtain consent from the patient or the patient’s representative to do so.
In order to obtain informed consent, you should explain to the patient or representative that under current technology, text messaging is not secure and may be intercepted by others. There are currently no viable encryption methods that can make text messaging secure. Thus, you should try to eliminate or minimize the amount of protected health information in any text message you send. Warn the family member that your messages may be as terse and uninformative as the old-fashioned pages: “Please call Dr. ______ at (585) xxx-xxxx”, without even mentioning the patient’s name.
If it is necessary to include patient protected health information or, more likely, the family member opts to respond with a text message asking for more information and mentions the patient’s name, to reduce your risks under HIPAA’s Security Rule, you should limit who within your practice will be involved in sending and responding to text messages and also ask your cellular carrier if it is willing to sign a business associate agreement so that the carrier will be obligated to inform you if there is any breach of its text messaging systems that may result in the unauthorized access to your patients’ protected health information.
These considerations apply to communications between covered entities as well. Text messages sent to another physician or other health care provider are equally as unsecured as text messages sent to patients or their representatives.
As always, if you have any questions, please feel free to contact us here or call us at 585.258.2800.