|
---|
TO: | IHS All |
---|---|
FROM: | Director, Indian Health Service |
SUBJECT: | Text Messaging for Clinical Purposes |
The purpose of this Special General Memorandum (SGM) is to remind all Indian Health Service (IHS) staff that patient confidentiality and safety are one of the highest priorities of the IHS. Many patients are able to receive a telephone call or a letter for appointment reminders through the Patient Health Record and to use Direct Messaging to communicate with their provider(s).
The IHS recognizes that text messaging, pagers or Short Messaging Service (SMS), can be a valuable tool to communicate with patients. However, at this time, due to privacy, security and records management concerns, IHS cannot support texting patients from government-owned or personally-owned mobile devices. This includes the use of mobile text messaging applications such as WhatsApp, Facebook Messenger, Yahoo Messenger, or any other system that has not received the requisite IHS approval. Agency records include text messaging, voicemail messages and other electronic communications.
Due to the difficulty in auditing and archiving records created by text messaging in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Records Management requirements, employees must not use personal or government-owned mobile devices to send any text messages relating to patient care.
Text messages are generally not secure for the following reasons:
- SMS messages lack encryption;
- Senders cannot be sure the intended recipient received the message; and
- The telecommunications carrier or messaging app owner may store text messages.
This SGM does not preclude the Office of Information Technology (OIT) from authorizing or implementing an enterprise managed mobile application that would allow secure HIPAA and Records Management compliant communications between IHS providers and patients from mobile devices in the future. All patient messaging systems require an Authorization to Operate from OIT before implementation. Additionally, under the E-Government Act of 2002, a Privacy Impact Assessment would also be required from IHS Headquarters Privacy, prior to acquisition.
Resources to be used to address questions or concerns:
IHS staff must confer with the respective Area and Service Unit designee or Headquarters Privacy Officer when questions arise regarding texting patients. The Headquarters Chief Information Officer, Mitchell Thornbrugh, may be contacted for any issues regarding security and technical matters.
Effective Date
This SGM becomes effective on the date signed.
/Michael D. Weahkee/
RADM Michael D. Weahkee, MBA, MHSA
Assistant Surgeon General, U.S. Public Health Service
Director
Indian Health Service