HIPAA Compliant Communication, communication errors in healthcare

Best Practices for HIPAA Compliant Communication in Healthcare


Whether you use the telephone, email, telehealth video platforms, or text messaging to communicate with patients, it may be helpful to consider how HIPAA-compliant communications differ. Understanding how HIPPA rules differ for each communication tool is essential. Learn best practices for HIPAA complaince and how to avoid common communication errors in healthcare.

HIPAA Compliant Communication Best Practices

In healthcare, regardless of the communication method used (such as telephone, email, telehealth, or text messaging), it must comply with HIPAA rules and regulations. Certain communication tools require written patient consent before use, while others require a signed business associate agreement. See TBHI’s previous article HIPAA Business Associates and How to Choose the Right HIPAA Business Associate Vendor for more information.
How can different tools be used for HIPAA-compliant communication?

  1. Telephone: written patient consent is required before communicating with a patient over the telephone. In addition, limiting the information offered in the message is crucial when leaving a voicemail. See Mobile Device Security and HIPAA Compliance and What is HIPAA Compliant Voicemail.
  2. Email: while communicating with patients through email is not recommended, it is permitted with written patient consent that is signed before the email exchange takes place. During informed consent, the provider must warn the patient of the cybersecurity risks associated with email. If that timing is not strictly followed, healthcare providers must use an encrypted email service that will include a signed Business Associate Agreement (BAA). See TBHI’s previous article HIPAA Compliant Email for Therapists and What is HIPAA Compliant Email? for more information.
  3. Telehealth: conducting telehealth appointments has become a popular form of patient communication. Not all telehealth tools are created equal. Some offer HIPAA-compliant telehealth services, while others do not. HIPAA-compliant telehealth tools are secure and will sign a BAA.
  4. Text message: traditional text messaging platforms are not HIPAA compliant, as they lack the protection to secure protected health information (PHI). However, some healthcare texting platforms can be used for HIPAA-compliant texting.

Before disclosing PHI through respective tools, confirming a patient’s contact information (mailing address, email, phone number) is essential.

Common Communication Errors in Healthcare

Knowing what not to do is just as important as learning what to do. Common communication errors in healthcare include:

  1. Failing to receive patient consent before delivering professional services
  2. Using a communication tool that is not HIPAA compliant
  3. Using a communication tool incorrectly
  4. Disclosing patient information to an unauthorized individual
  5. Failing to share records in a timely manner upon patient request

This Article is Contributed by the HIPAA Compliancy Group

Need assistance with HIPAA compliance? The Compliancy Group can help!

Is It Time to Earn Your Telehealth Certificate?

Telehealth Compliance Requirements Are Returning

Enforcement is headed our way. Improve staff competency and compliance with evidence-based telehealth BCTP® certificate training. Three levels available. Manage risk and distinguish your services now.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x