temp
Communication of protected health information (PHI) with others both internal and external to UNC Health and to our patients is a critical function necessary to the ongoing operations of our health care enterprise. When PHI is shared in a communication between individuals/entities, the communication must be secure regardless of the medium in which the communication occurs. The following are summaries of UNC Health HIPAA policies governing the requirements for sending PHI via text message and via email.
Texting PHI is Permitted as Follows:
Purpose of Text Message | Sent by & Sent to | Permitted? | Requirements | More Information |
Appointment Reminder
via system-wide automated patient appointment reminder |
Sent by: Participating UNC Health areas only
Sent to: patients |
Yes | Must participate via the official UNC Health text appointment reminder application
Appointment Reminders MAY NOT be sent via any other application or by clinics/employees independently. |
|
Text Pictures of Patients or Patient Care Activities
such as pictures of wounds |
Sent by: nurses, physicians or other clinical care staff
Sent to: nurses, physicians or other clinical care staff |
No | Texting pictures of patient information such as wounds for treatment purposes among treating providers is CURRENTLY not permitted by UNC Health policy unless the picture is taken with a cell phone and uploaded to Epic through the approved HAIKU application. | Pictures of patient treatment areas may be taken using a cellphone and uploaded via the Haiku application – only available for institutions that are on Epic. For more information contact your information security helpdesk. |
Texting Patients
for any reason associated with their care – messages sent unencrypted |
Sent by: nurses, physicians or other clinical care staff
Sent to: patients or their family/friends/or caregivers |
Yes – for limited purposes |
|
(Policy pending) |
Texting Patients
for any reason associated with their care – messages sent encrypted |
Sent by: nurses, physicians or other clinical care staff
Sent to: patients or their family/friends/ or caregivers |
Yes |
|
(Policy Pending)
Must use a third-party vendor approved application to send encrypted communications to the patient. Must have Privacy Office approval for vendor application. Vendor must be vetted through UNC Health ISD Architecture Review Board. |
Emailing PHI is Permitted as Follows:
Safeguards | UNC Health Internal Message (between UNC Health email accounts @unchealth.unc.edu) | Messages between UNC Health email accounts and SOM email accounts (@med.unc.edu) | Messages between UNC Health email account and external accounts (i.e., gmail.com, gov.com) |
Inspect address of intended recipients before sending; avoid sending to distribution lists. | Required | Required | Required |
ALWAYS ensure that recipients are authorized to obtain the PHI | Required | Required | Required |
Encrypt the email during transmission | Not Required | Required | Required |
Encrypt the PHI content:
|
|
|
|
Label the message “Confidential” on the first line within the body of the message | Recommended | Required | Required |
Type (secure) in the subject line to encrypt the message. Be sure an include the parentheses and add a space after the last parentheses | Not Required | Required | Required |