In today’s enhanced HIPAA enforcement environment, addressing information security is a top-of-mind concern for many healthcare leaders. The growing use of mobile devices in the healthcare industry makes HIPAA compliance both more challenging and more important than ever. Loss or theft of a mobile device containing unsecured protected health information (PHI) has been a source of numerous reported breaches and enforcement actions. The government’s posting in late 2012 of an online educational initiative on protecting and securing mobile devices clearly underscores the need for leaders to carefully review existing practices and policies surrounding use of mobile devices, such as smartphones, tablets and laptops.1
Use of mobile devices for texting PHI presents a number of risks. The purpose of this paper is to examine the issues related to HIPAA compliance in the context of texting and to help healthcare leaders understand the risks and potential ways they can manage those risks.