There is currently a lack of clarity about whether patient consent to communicate via (unencrypted) SMS is adequate to protect covered entities from HIPAA concerns. HHS (and medical research) has released data supported use of non-encrypted SMS, given its high accessibility to patients and its efficacy in achieving behavior change (e.g. medication compliance, smoking cessation).
Many covered entitites feel that this use of unencrypted SMS is okay - as long as sensitive information is not communicated, and as long as it is in agreement with patients' preferences, and as long as consent is obtained. Other covered entities disagree.
What is your perspective?