Denver Health Electronic Messaging Disclaimer
All DH employees, contractors, vendors, and other individuals using electronic messages (whether on a DH-owned device or on a personal device) to conduct DH business must comply with policy P-6.019. Failure to comply with the requirements and restrictions defined in the policy can result in corrective action up to, and including, termination. Electronic messages are considered correspondence and may be subject to public inspection per Colorado Open Records Act, C.R.S. § 24-72-200.1 et seq. ("CORA").
Protected Health Information (PHI) or Personally Identifiable Information (PII) must be protected by the highest level of security available.
Text messaging is inherently non-secure and noncompliant with HIPAA. While DH permits providers to utilize text messaging to communicate information with other providers, in compliance with HIPAA, text messages:
- Cannot include any identifiable patient information. This includes patient name, medical record number, or photographs with unique (identifiable) characteristics such as tattoos or rare injuries. Instead, the provider should call the recipient to communicate necessary identifiers and to verify receipt.
- Cannot include any sensitive information such as HIV status, mental health diagnoses, or drug or alcohol abuse treatment information.
- Cannot include any patient care orders.
- Cannot be used to direct patient care in any way.
If text messages received contains patient information they must be deleted from the mobile device as soon as possible.
For more information, read Policy & Procedure P-6.019 Electronic Messaging.