Re: Medical SMS: a data breach waiting to happen
What I had hoped to show with the example at the beginning was that the opposite is actually true: A nursing facility got penalized when nobody was damaged. The violation occurred when the doctor and nurse traded a text about a patient's lab results, but nobody else viewed the text. It wasn't hacked. It wasn't accidentally shared or anything else. But when CMS discovered the text as part of a HIPAA audit, the government agency penalized the healthcare organization, including making the facility tell patients about the occurrence.
So while an organization may not be audited and, yes, get away with conducting unencrypted texting, if a breach does occur it's such an easy thing to prove that healthcare organizations will likely be paying out a big sum of money: Once to the government in fines, once to the patient in penalties. And if the patient is a celeb, then yes, most likely it will be worse because people are often nosier in those cases.
The CIO I interviewed for this piece was pretty upfront, I thought. Since she was a nurse and had grappled with this issue in the ranks, she realized they needed something that was easy to use and not onerous, otherwise clinicians wouldn't use it.