Skip to main content

 

 
8x8 Support

Is SMS HIPAA compliant?

  1. Last updated
  2. Save as PDF

Question

Is SMS HIPAA compliant?

Applies To

  • SMS
  • HIPAA

Answer

SMS messaging is not HIPAA compliant. The SMS protocol does not meet HIPAA compliance requirements.

The following are the most common issues preventing the use of SMS in a HIPAA compliant environment:

  1. SMS messages are not encrypted,
  2. SMS messages cannot be recalled if sent to the wrong recipient,
  3. SMS messages can be intercepted on public Wi-Fi networks,
  4. SMS messages are unaccountable,
  5. SMS does not have an automatic logoff facility,
  6. Copies of SMS messages remain on the servers of service providers indefinitely.

Given the nature of SMS messaging, the only resolution to these issues is to exclude any PHI from messages sent in SMS format. Also note that the HIPAA regulations for SMS also apply to other messaging services such as WhatsApp and iMessage, and to emails as well.

Though HIPAA regulations for SMS do not specifically prohibit the use of a “Short Message Service” to communicate Protected Health Information (PHI), they do stipulate that certain conditions have to be in place before using SMS to communicate PHI is HIPAA compliant.

A number of third parties provide ‘secure messaging’ services and products which are intended to provide HIPAA compliant messaging.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Confidence
    Validated
    Flagged
    Not Flagged
    Governance
    Experience
    KCS Enabled
    Yes
    Visibility
    Public
  2. Tags
    This page has no tags.