Healthcare providers—physicians, hospitals, nurses, laboratories—heatedly discuss the need to send order information quickly and balance the speed with information security. In the beginning of May 2016, The Joint Commission (Joint Commission on Accreditation for Healthcare Organizations; JCAHO) “…reversed its long ban on physicians and certain other clinicians using text messaging to place orders related to patient care, citing technology advances that enable more secure communication…” (see full article here).

We’ll leave that debate and the solution to the accreditation bodies such as The Joint Commission, HFAP (Healthcare Facilities Accreditation Program), and the information security experts.

What about Consumers?

What about us consumers? Do we think about the security of our content when we text PII (Personally Identifiable Information) or ePHI (electronic Protected Health Information)?

I receive informal updates from friends about their family members. And I suspect I’m guilty as charged for sending similar text messages. Consider this recent text I received (all details changed to protect the parties involved) from a friend to a group of us:


I appreciated the update and was concerned for my friend’s father. However, that text contained ePHI and none of us have an encrypted messaging system. True, we are not healthcare providers so we can share personal information. Yet the risk is still present for the information to be intercepted and brought into unscrupulous hands.

Points to Ponder

Before we text our personal network with our PHI or a family member’s PHI, let’s consider these points.

  1. What information do I really need to share?
  2. Could I convey the update or urgency without identifying details?
  3. Is my text message program encrypted?
  4. Is the recipient’s text message program encrypted?
  5. Do all recipients need the information?


Perhaps we can simply say: