Does HIPAA address the use of cell phones and PHI?

From HIPAA Weekly Advisor, the free, weekly e-mail newsletter brought to you by HcPro's premium monthly newsletter Briefings on HIPAA (BOH):

Q: Does HIPAA address the use of cell phones and PHI? Is calling a practice's physicians or on-call staff members to relay information regarding a patient acceptable?

A: HIPAA does not specifically address cell phone use. However, HIPAA addresses avoidance of incidental disclosures whenever possible. In practical terms, when using a cell phone to discuss patient information, do so in an area where unauthorized individuals are not likely to overhear your conversations.

Communicating information via cell phone increases the risk of exposure because transmission is wireless, unlike with landlines. You may choose to document this as an acceptable risk, and although it would not necessarily constitute a HIPAA violation, it nonetheless represents a risk of which you should be aware.


The use of cell phones to transmit text messages or e-mail messages about patients is generally an unwise practice. As the sender of information, you may be able to guarantee that your cell phone carrier is secure, but there is no guarantee that the message recipient has a secure carrier. This is similar to sending unencrypted e-mail via the Internet, which is potentially a HIPAA violation—not to mention a liability risk for the sender if an unauthorized individual intercepts the information.

Have questions? I’m here to help.