Submit your HIPAA questions to Editor Jaclyn Fitzgerald at firstname.lastname@example.org  and we will work with our experts to provide the information you need.
Q: Should we permit workforce members to use their personal cell phones to communicate with patients? If yes, is there a HIPAA-compliant means of doing so for calls, email, and text messages?
A: It is hard to see why this would be necessary when there are so many landlines available in a hospital or physician office setting. Personal cell phone communication, including text, isn’t usually encrypted, so this practice would be risky. (Some patient portals have encrypted messaging capability, which would serve as a secure means of messaging patients.)
If, after conducting a risk analysis on this practice, you determine that the risk is an appropriate one to take (for instance, I can imagine a home health provider calling to verify the convenience of a visit), keep the communication brief and administrative. For example, say “I will be there at 2 p.m.” rather than “I will be there at 2 p.m. to help you with your dressing change.” I would recommend creating a policy that outlines acceptable and unacceptable cell phone communication with patients. If this practice is permitted, it is also advisable to conduct documented workforce training.
Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing.  This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.