Most often, the text messages were to or from other pediatric hospitalists (59%), fellows or resident physicians (34%), or subspecialists and consulting physicians (25%), according to a University of Kansas School of Medicine report delivered at the recent annual conference of the American Academy of Pediatrics.
Face-to-face communications and verbal telephone conversations remained the dominant methods of communication among the hospitalists. But 41% of respondents reported receiving text messages on a personal phone and 18% on a hospital-owned phone in the course of their clinical duties. For brief communications, respondents preferred texting to their mobile phones (27%) over hospital-assigned pagers (23%) or face-to-face communications (21%).
[ For more on the untapped potential of mobile technology in healthcare, see Meaningful Use Needs Mobile Magic. ]
This was a small study, involving only 106 physicians. The majority of respondents were female and had been in practice less than 10 years -- which indicates that the cohort was relatively young. So it's not surprising that 96% said they used text messaging in their daily lives.
Nevertheless, the physicians were aware that texting could have negative security implications. In fact, 41% of respondents worried that they might be breaking HIPAA rules by sending/receiving text messages concerning patient information, and 27% reported receiving protected information in texts. Only 10% said their institution offered encryption software for texting.
It's not clear how much texting is going on in hospitals or other healthcare settings. But one survey found that 73% of physicians text other physicians about work -- similar to the overall percentage of the population that texts.
There are some definite advantages to texting for brief communications among clinicians, notes a recent Journal of AHIMA article. But texting also carries a number of risks.
For example, text messages may reside on a mobile device indefinitely, which means patient information could be subject to theft or loss, or could be viewed by unauthorized persons. Also, texts are not subject to central monitoring by the IT department and can be easily intercepted. Finally, the HIPAA privacy rule requires that if text messages are used to make medical decisions, patients should have the right to access and amend that information. So texts that aren't documented in EHRs could be a HIPAA violation.
Doug Hires, executive vice president of Santa Rosa Consulting, told InformationWeek Healthcare that he's heard a lot of discussions in hospitals about the security risks of text messaging. He thinks this issue will grow in importance because texting is such a significant social trend.
Healthcare organizations need to address the technology aspect of texting and put in place policies and procedures to address the security and privacy risks, Hires said.
On the technology front, he noted, "A number of vendors offer security tools -- both cloud-based and data-center-based -- so that if you can get control of the mobile devices, you can have automatic encryption. They also enable you to follow policies for deleting information from the phone when it's no longer necessary."
Whether or not a healthcare system buys security software of this kind, he added, encryption is vital, not only for texting but for all kinds of "bring your own device" (BYOD) scenarios in hospitals. Besides the danger of hacking, he noted, the government is requiring healthcare providers to do a HIPAA risk analysis with an emphasis on encryption in stage 2 of Meaningful Use.
Healthcare organizations must also educate staff members about policies and procedures related to managing personal health information in a responsible and compliant manner, Hires said. "What's acceptable content, and where are you at risk? Does the text include patient-identifiable data?"
While HIPAA doesn't prohibit exchanges of such information among treating providers, Hires stated, "They have to understand what their responsibilities are in terms of generating that information and what's done with it."
That means that if any text bears on a medical decision -- even asking a nurse whether a patient is ready to go home -- it must be documented in the medical record.
InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)