People of all ages have embraced texting as a fast, efficient means of communication. Patient experiences with e-commerce sites, banks, mobile apps and more, have conditioned them to expect and desire text message notifications. There is no reason your practice cannot use this technology to communicate with patients who want to receive appointment reminders and other patient notifications in this manner.
Practices can send information by text to patients as long as it does not contain Protected Health Information (PHI). Examples of appropriate healthcare text messages include appointment reminders, recalls, collection notifications, office closings or schedule changes, to name a few.
HIPAA specifically allows direct communication with patients. Of course, whether that communication takes the form of a phone call, mail, email or text message, health care providers must have adequate safeguards in place to protect patient privacy. Follow some simple guidelines.
Secure text communication between healthcare providers, and between providers and patients is a major topic in the healthcare industry today. There is a concern that patient-specific Protected Health Information (PHI) is vulnerable in instances where PHI is transferred via text in either of the following instances:
If the content of a message contains electronic Protected Health Information, then the text message must comply with HIPAA privacy rules and security standards. Text messages containing ePHI should be sent in a secure, encrypted and approved format.
Secure texting requires secure data centers, message encryption, recipient authorization and audit controls. Encrypted text messages require that both the sender and the receiver have the same encryption protocol on their phones. For these reasons, sending patients encrypted text messages is not practical for most providers at this time. Therefore, any doctor-to-patient communication should be carefully constructed to ensure ePHI is not included in the message.