Texting to communicate when a telephone call or email is otherwise not possible provides immediate delivery and may offer an advantage over some other means of communication. In an article by mHIMSS, the American wireless industry leads the world in overall value, innovation and investment. As such, it’s safe to say that American consumers use their mobile products and services more than any others in the world. SpyGlass consulting group found that 94 percent of all physicians in the country are using a smartphone at work. Texting at work might even make staff members more productive, by sending or receiving a short text message to check on a patient’s status rather than engaging in a lengthy phone conversation. In clinical trails, text messaging technology is sometimes used to measure the success or failure of treatment for subjects in research.
However, the convenience of texting might put some clinical research trials in a sticky situation:
- JCAHO or Joint Commission established that physicians should not use text messaging to make orders for their patients.
- Former employee at the HHS Office for Civil Rights and attorney with Davis Wright Tremaine, Adam Greene, says that “HIPAA regulations apply to all electronic protected health information and that data included in text messages could be covered under the broad definition of protected health information”
- HIPAA does not prohibit texting, they do require institutions to create a risk analysis of their operations and implement “reasonable and appropriate” security measures to avoid a breach.
- HIPAA HITECH Act defines unsecured personal health information (PHI) as “PHI in any form that is not secured by some technology standard that renders it unusable, unreadable, or indecipherable to unauthorized individuals”. According to the guideline, encryption and destruction are the only acceptable methods for achieving this.
According to HIMSS research, more than half of personal health information (PHI) breaches occur due to the theft, loss or misuse of mobile devices. The very nature of text messaging devices could wreak havoc for a clinical research trial simply because of their small size and use outside the office. Smartphones can be misplaced and stolen easier than a laptop or notebook computer. Standard text messaging is typically not secured or encrypted and gaining access to information stored on cell phones is relatively easy. It’s also forever stored on the cell providers’ server with no tracking mechanism to distinguish if a message was sent or received, or if the intended recipient read and deleted the message.
So how does documentation in clinical trials keep up with communication? And what does that mean for clinical research? The clinical research world is certainly adapting to keep up, but it does mean that text messaging between principal investigators, research staff, sponsors, monitors, or subjects could compromise privacy. Regulation 21 CFR 812.140 tells researchers that they need to maintain study records and correspondence with another investigator, the IRB, sponsor, or monitor or FDA. Can text messages simply be placed in correspondence and if so, how? One part of the answer depends upon the patient’s consent regarding how their information will be used. It’s up to an IRB to decide, but it some cases, formal consent may not be a requirement in recruitment text-advertising as long as certain criteria are met, like obtaining the list of phone numbers from public sources. Persons responding to recruitment texts may not be viewed by your IRB as official study subjects at this point and therefore the text messages are not “study correspondence” because potential subjects usually don’t believe that they are communicating with a “covered entity”. It’s akin to two strangers strike up a conversation about their asthma on the bus. Neither person expects their information to be protected in the way they would if they were talking with their physician.
Recruitment is only one facet of clinical research where texting is used. However, the problem with documenting evidence of text message communications with study subjects and among the study team or sponsor continues. A simple Google search will show many text messaging solution companies who offer services specifically to the clinical research space. However, in reviewing some of these sites, many do not indicate their ability to provide HIPAA compliant encryption or data destruction capabilities. A few companies such as TigerText and docBeat do. One caveat is that both the user and the recipient must have the application. With TigerText, the ability to recall text messages, set an expiration time, and even set a time to self destruct where they are deleted from the sender, receiver, and secure server under the closed network where they are stored. The data can even be remotely wiped if the device is lost or pin protection is exceeded. But….neither app allows for a text message to be copied for the investigator file. So, doing it “old school” might still be best.
Considering the pros and cons of text messaging in research, is this a path you’ve gone down in your study? Would you recommend text messaging for site staff in a research trial? Please share your thoughts with us – we are very curious to hear opinions on this topic!
Photo Credit: LearningLark