HIPAA compliance when texting your patients

How to follow guidelines and protect information within digital communication

By:

Laura Beier

Published:

December 29, 2022

Patient texting is revolutionizing the industry—not only is it easier for patients to reach their providers to ask questions and get additional information or reminders about care, but it also helps providers and quality managers operate more efficiently.

But, like anything in healthcare, there are guidelines to follow, and providers need to ensure they comply with HIPAA regulations when digitally communicating with patients. Good thing we’re going to lay it all out here.

Overview of HIPAA regulations

Created to protect sensitive patient health information and ensure it isn’t shared without consent, HIPAA can be a tricky bear to get around when it comes to communication. Patient texting, while convenient, efficient, and a no-brainer for the industry, is no exception.

The main things to keep in mind when implementing patient messaging into the patient journey include the opt-in process, patient data management, and phone number collection. There are many checkboxes to mark off—starting with the confirmation of consent before that first text is sent—down the road to ensuring patient data remains protected.

Overall, as long as no secure information is being passed along via digital messaging, the message is HIPAA compliant. But let’s take a closer look.

What is a HIPAA-compliant message?

Sometimes it’s most helpful to identify something by the parameters of what it is not. In short, any message containing Protected Health Information (PHI) is not allowed, unless a patient gives explicit written consent. 

This can be anything from specific details discussed during a recent visit, or information pertaining to an upcoming appointment. If it contains information that can link the patient to their health or specific condition, without consent, it’s a no-no.

So what’s a yes, yes? A good rule of thumb for HIPAA-compliant messaging is to only share pertinent details, such as:

  • Name(s)
  • Number(s)
  • Appointment confirmation details

If patient consent is secured, more information is approved to appear in messages. However, it’s good to start simple and move slowly from there, instead of jumping hurdles and sending secure information into the void.

Examples when explicit written consent has not been captured: 


YES:

NO:


This is just an overview of HIPAA-compliant texting through patient messaging. Learn more about patient texting or schedule a conversation with the Kipsu team today.

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Schedule a conversation.

Curious to learn more about Kipsu and digital messaging? Connect with a member of our team to get all of your questions answered.