As a healthcare provider, secure text messaging is vital for your practice. A secure text messaging platform is a tool that any healthcare practice should utilize, especially since, according to research, 85% of smartphone users prefer mobile text messages over emails or phone calls. Although texting with a patient may seem like a good idea, several HIPAA considerations are essential. HIPAA-compliant texting requires providers to take specific steps to ensure that the communication is private and confidential, as discussed below.
HIPAA Compliant Texting & Informed Consent
HIPAA compliance is contingent on prior written patient authorization. You must receive this authorization before any texting takes place between a patient and the provider. However, it is not recommended to communicate with clients or patients via traditional texting platforms, even with patient authorization.
SMS and iMessage, for instance, are not considered secure forms of communication, as they lack the necessary HIPAA safeguards. Although it is not recommended to use traditional texting platforms, they can be HIPAA compliant if, and only if, the provider warns the patient of the risk texting poses to their protected health information. This warning, and the patient’s consent, must be documented to meet HIPAA-compliant texting requirements.
Although patient consent to text is required under most circumstances, HIPAA includes exceptions to this rule. For example, when emergencies arise, such as a natural disaster, providers can text patients without prior authorization. See TBHI’s previous articles for more information below.
How to Choose a HIPAA Compliant Text Messaging Platform
As with any other software platform, text messaging platforms are required to implement HIPAA safeguards to keep patient information secure and be willing to sign business associate agreements with their users. Implementing safeguards is an essential component of HIPAA compliance, as they enable the confidentiality, integrity, and availability of electronic protected health information (ePHI). These safeguards include encryption, access controls, user authentication, and audit logging.
Having a signed business associate agreement (BAA) with your healthcare texting platform is another one of the critical determinants of HIPAA compliance. A texting platform is not considered HIPAA compliant without a signed BAA. This is because BAAs dictate that each signing party be HIPAA compliant and maintain their compliance. BAAs also limit the liability for healthcare providers in the event of a breach caused by their texting platform, as only the negligent party would be guilty.
Secure text messaging in healthcare provides a convenient, reliable, and safe means of communication and interaction with your clients. The reader can find examples of HIPAA-compliant text messaging platforms in TBHI’s Telehealth Buyer’s Guide. (Please leave a 1-5 star review if you have liked or not liked any telehealth technology in the past.)
This Article Contributed by Compliancy Group