Although it is unlikely that cellular carriers will block text messages that consumers have opted to receive, this ruling allows carriers discretion and the authority to intercept or recategorize flagged messages (such as mass marketing messages, or messages that contain prohibited content).
Medical and clinical practitioners must be aware of the FCC order that places text messages in the same category as emails, which can increase the risk to the privacy and affect the reliability of the text messages. We have always advised that healthcare organizations do not use standard SMS texting with patients, and this new ruling emphasizes the importance of using messaging applications which are designed specifically for healthcare.
The HIPAA security rule requires covered entities to implement technical safeguards to ensure the confidentiality, integrity, and availability of all e-PHI (protected health information created, stored, and transmitted in electronic form). Standard SMS text messaging does not allow for this, as there isn't a way to audit access to the messages; or a way to ensure that texts haven't been modified by the phone carrier or read by anyone other than the intended recipient. Some providers choose to send appointment reminders via SMS text messages with the patient’s informed consent. This ruling will likely require such informed consents be modified so that patients are adequately informed of this new risk.
Every behavioral health professional association’s code of ethics states that providers ought to use secure means of communication with clients. Often providers use technology in healthcare as they are used to using it in their personal daily lives. However, in respect of confidentiality, we recommend that providers obtain training in the use of technology for healthcare, and seek consultation as needed for their practice.