Q&A: Doctors communicating with patients via personal mobile devices

Q: My doctor emailed me while he was on vacation, and the email had the automatic “sent from my iPhone” message at the end. Is it a HIPAA violation for doctors to use their personal cell phone to communicate with patients?

A: It is not a HIPAA violation for a healthcare provider to use a personal cell phone to communicate with patients. However, HIPAA’s “minimum necessary” requirement should be applied to any PHI sent via email or text. Those messages should not contain information specific to the patient’s diagnoses or medical conditions, if it can be avoided. For example, if you have congestive heart failure and ask your physician whether you should increase your dose of Lasix to manage your symptoms, an acceptable response would not mention the diagnosis of congestive heart failure. Instead, it would simply say, “Please increase your dose of Lasix to xx mg twice a day.”

Editor’s note: Question answered by Mary Brandt, a healthcare consultant specializing in healthcare regulatory compliance and operations improvement. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Heidi Samuelson at hsamuelson@hcpro.com.