HIPAA Compliance

Is SMS Texting HIPAA Compliant?

Krishna Kurapati
May 26, 2017

Over the last 4 months I have given close to 200 demos of our secure messaging application, qliqConnect, to a variety of organizations, ranging from solo practices to large health systems... and just about everything in between. While our primary objective is to help healthcare professionals communicate securely and efficiently, there is no denying that the “SMS problem” is at the forefront of the compliance consciousness.

SMS Texting by Healthcare Professionals

is sms hipaa compliant

The “SMS problem” is, of course, the widespread use of SMS-based texting by healthcare professionals to communicate sensitive protected health information (PHI). While this is not exactly a new problem, it is becoming clear that the heightening enforcement of HIPAA and HITECH privacy and security regulations by both the Office of Civil Rights (OCR) and state attorney general offices is forcing covered entities to take a much closer look at previously ignored gaps.

“Why isn’t SMS Texting HIPAA-compliant?”

Despite the explosive growth in organizations seeking a secure alternative to SMS, the question I am most frequently asked is, “Why isn’t SMS HIPAA-compliant?” On one level, it’s a good thing that so many organizations are getting the word and are beginning to explore alternative solutions. On another level, however, I think the general lack of understanding of SMS’ inherent limitations helps to perpetuate the belief by end users that it’s not as bad as people make it out to be. As one CIO lamented, “it’s pretty hard to convince the docs to stop texting when I can’t draw a clear picture for them why they shouldn’t.”

HIPAA Compliant SMS Texting

We couldn’t agree more, so we created this infographic in the hopes that users can understand why SMS - while great for exchanging recipes with your new BFF - might just not be the best way to exchange PHI.

The Author
Krishna Kurapati

With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US Healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications' and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.

Healthcare's Most Flexible Collaboration Platform

Engaging Patients and Connecting Care Teams Through Interactive Digital Conversations

Learn More