Many healthcare providers would rather use SMS than other communication methods to communicate with patients because it’s convenient and easy. With sensitive information being shared, there are many rules and regulations when it comes to texting in the healthcare industry. This has many healthcare providers wondering if texting can be HIPAA compliant.

The short answer is yes. Texting can be HIPAA compliant under certain circumstances. The Health Insurance Portability and Accountability Act of 1996 was revised to acknowledge that texting was a technological advancement now used to communicate private health information, also known as PHI. 

Patients can communicate any PHI to you via text. That is their own personal information, and they have the right to share it with whomever they please. Texting is not as easy for the healthcare provider. You must make sure you follow the rules set in place when sharing PHI with patients.

Here are some of the HIPAA rules around texting:

• Create rules and procedures to manage who is authorized to access PHI when texting.
• Execute audit and reporting controls for HIPAA compliant texting.
• Make sure PHI is not improperly changed or deleted while texting.
• Authenticate your identity before sending or receiving messages.
• Protect the integrity of PHI during transmission.

What is the difference between encryption and compliance?

Encryption is simply the process of encoding information. Secure messaging solutions adhere to HIPAA encryption requirements by encrypting PHI while at rest and in transit. In laymen’s terms- PHI becomes unreadable and undecipherable. Texting is HIPAA compliant if you are not sending PHI via text. Texting is also HIPAA compliant if you receive consent from the patient to send PHI. 

Texting Features to Boost HIPAA Compliance

One of our favorite features is SPAM prevention. You can enable SPAM prevention in your Gnymble inbox to receive consent before the patient ever receives any medical information via text. This is an easy process, and the consent messages can be stored under the patient’s profile to be easily retrieved if needed.

HIPAA requires you to make patients aware of the risk of communicating their PHI in an unsecured channel and to obtain their consent prior to doing so. This can be done easily with a message like the following: “Dr. John Doe’s office complies with HIPAA and wants to exchange text messages with you. Text messaging may not be fully secure. To consent, reply YES.” This type of consent is a great way to protect your business by documenting permission from patients. 

Over 80% of doctors already use smartphones and unlike waiting at the doctor’s office or completing treatment plans, texting is quick. There are plenty of valid concerns when it comes to texting your physician, but some people use the argument that texting is more confidential than phone calling because the messages cannot be overheard. 

We All Get Calls From Our Doctor, Is That HIPAA Compliant?

Most medical practices in the United States still use phone calls as a form of communication. The use of mobile devices in the healthcare industry is not HIPAA compliant without consent, however, patients still accept phone calls every day. Like our SPAM prevention- you are typically asked your name and date of birth before beginning a conversation. The phone call continues like normal and is HIPAA compliant by consent, just like texting. A few other ways to text smartly and securely include: keeping an eye on the device you’re using to text, reviewing the content of your messages before sending them and deleting message history after the correct medical records have been documented. 

Texting for the healthcare industry is continuing to grow as we learn more about how to keep PHI secure. If you’d like to learn more contact us or text 757-818-8010