We all know that standard texting (SMS) is not encrypted. So, why do doctors text patients? Because it's easy, convenient, and in many cases it's what patients want. Text messages that contain PHI (personal health information) should be encrypted, right? Well, it's not quite that simple or straight-forward.
What's often misunderstood is that text messaging platforms don't always need to be encrypted when a doctor sends a text message to a patient. A physician or health system must assess the security and privacy risks and possible threats involved based on the type of information that is being communicated. Based on that assessment, mitigating strategies (such as encryption) must be put into place.
There's a recent article in the Journal of AHIMA titled, "HIPAA compliance for clinician texting" that summarizes some of the issues surrounding HIPAA and text messages. Here's a brief snippet:
All forms of communication involve some level of risk. Text messaging merely represents a different set of risks that, like other communication technologies, needs to be managed appropriately to ensure both privacy and security of the information exchanged.
Greene, Adam H. "HIPAA Compliance for Clinician Texting." Journal of AHIMA 83, no.4 (April 2012): 34-36.