The main privacy concern regarding text messaging in healthcare is the transmission and storage of protected health information. Unfortunately, it is currently not possible to encrypt SMS messages end-to-end when they are sent between different cellular networks. Therefore, individually identifiable health information is subject to exposure when transmitted via text message. Some vendors and platforms such as Apple iPhone now provide secure, encrypted text messaging services for in-network messaging, and there are some recently available applications that allow messages to be sent with password protection (Text Fortress). However, these solutions are viable only if your intervention uses person-to-person or in-network text messaging.
Another concern is that messages may be visible to those other than the phone’s owner, either because the phone is not password protected or because incoming text messages are displayed on a screen preview feature. Study participants can be advised to protect their phone and turn off preview features that allow a preview of the message to be automatically displayed on the screen.
Because information transmitted in a text message is stored on a non-secure server, a SIM card, or by a third party, any protected health information sent is vulnerable to exposure. It is important to consider that any information indicating past, present or future medical conditions or care is considered as protected health information. For example, a reminder to return for a second immunization or an inquiry about a patient’s current pain level is subject to regulation. Therefore, it is advisable to not include any identifying information via text message. Using coded language to communicate health information can render it incomprehensible to outside parties. Patients can create their own code to serve a reminder; for example, "down the hatch" could cue a patient to take medication.