If your medical office relies heavily on texting for day to day operations, encrypted texting may be worth looking into. But a lot of small medical offices might not find it reasonable and appropriate if they only do occasional coordination though texting. So you may just want to make it a policy to text as little ePHI as possible or only use patients’ first names.
Is it possible for cyber criminals to intercept texts transmitting through the air? Sure. But, using security risk analysis speak, is it probable? The likelihood is small if you research how a cyber criminal could possibly do it.
More probable is someone losing smart phone or a thief stealing it. Then, anyone can retrieve the data on it including your texts which may have some ePHI.
For both Apples and Androids, encrypting the “data at rest” with smartphone encryption is relatively easy to do. The ways to do it can vary by model and software version running on your phone. I will let you “Google it” or if you stop by your carrier’s store, they can assist.
So along with making sure your practice’s laptops are encrypted each of your staff probably has a smartphone you have to worry about. You do not know what ePHI could be spilled over onto these smart phones weather it is a smart phone belonging to the practice or not.
So encourage your staff to encrypt their smart phones. Motivate them by letting them know it is not only good for the practice’s HIPAA compliance but also good for protecting their own personnel information.