Myth vs. Fact: HIPAA-Compliant Communication


Careless communication can get HIPAA-covered companies into a world of trouble. Nevertheless, many health care professionals fail to secure protected health information (PHI) in their communication. Unsecured messages put your organization at risk. An unauthorized user could get ahold of the device, a user could copy or screen capture information, or a hacker could access unencrypted messages through public Wi-Fi. Therefore, to avoid these dangers, you must choose HIPAA-compliant communication.

But what types of communication are HIPAA compliant? There are many myths about communicating PHI that you should be aware of. Let’s look at a couple of common ones and see what HIPAA actually requires.


Myth: iMessage is encrypted, so it is okay to send PHI through iMessage.

Fact: It is not safe to use iMessage to send PHI. Although iMessage is encrypted, Apple keeps a 30-day cache of messages on its servers, and users can use iCloud Backup to save and store messages. Furthermore, HIPAA requires that messaging platforms be secured in other ways, such as a unique login and PIN for users, message monitoring, and automatic logoff. iMessage and many other instant messaging platforms fail in these areas.

Myth: You can get a patient’s permission to text or email their information.

Fact: Texting and emailing patient information is a legal grey area. Nevertheless, most health care professionals use text or email to send PHI daily. See this article to read more about texting and emailing patient information. You can make an agreement with a patient to send unsecured messages. However, it’s much safer to use a secure platform.


So, How Do I Safely Communicate PHI?

Although there are many “don’ts” when it comes to sending PHI, it’s still important to communicate quickly and efficiently. Instead of text or email, consider using a HIPAA-compliant alternative: secure messaging. A 2015 study by the Tepper School of Business at Carnegie Mellon University found that there were 27% fewer patient safety incidents and 30% fewer medication errors when secure messaging was used. Therefore, security is just as important as speed and efficiency.

Secure messaging platforms are designed to comply with HIPAA. If you feel that your team needs a secure communication tool, there are many third-party apps available. Ultimately, you must not put ease over security. Make sure you know what HIPAA requires before you make a decision for your organization.

To learn more, contact HIPAAtrek at
