Texting is popular in business communication today. A survey from Kentico revealed that almost 70% of respondents thought it was valuable to receive texts from their providers. That represents a substantial reason for providers to use text messaging to improve the patient experience and grow their practice.

As beneficial as it is, texting in healthcare still has obstacles. Many healthcare providers don’t have a texting policy in place. There’s a need to develop clear guidelines for texting medical information so that you can eliminate confusion and potential liability caused by leakage. Here are five critical rules to remember when texting patients.

1. Ask for Consent

Always ask for your patient’s consent before texting medical information. Failing to ask for permission will violate the Telephone Consumer Protection Act (TCPA), costing you serious fines. You should document content requests and approvals in writing; verbal consent isn’t enough.

2.  Give Them the Ability to Opt-out

Did you know that when you send text messages to your patients about billing information or updates on your practice, you must also give them the option to stop receiving any further messages?

This typically should come in the form of a note following your text. It can simply say, “Reply STOP to stop receiving messages.”

This protects your patients from being spammed with messages they once wanted but found they no longer appreciated. Failure to comply with this could result in significant fines as with other rules.

3. Follow HIPAA Text Messaging Guidelines

Texting health information without PHI is permitted under HIPAA texting guidelines, even if you mention your patient’s name. The HIPAA privacy and security rules only cover communications with electronically protected health information (ePHI), including text messaging, email, and social media.

To avoid penalties and fines when sending messages, you must know all the HIPAA identifiers to remove before you send text messages to your patients. This is called ‘De-identification.’ Violations can earn you some serious fines of up to $50,000.

4.  Implement Audit and Reporting Controls

HIPAA requires that all medical practices utilizing texting implement reporting processes and audit controls to review and document any protected health information activity. By implementing audit and reporting controls, risks are identified and analyzed.

These controls apply to any secure text messaging platform that sends and stores messages containing PHI on both mobile phones and computers.

5.  Establish Policies and Procedures to Manage Authorized Access

HIPAA requires that healthcare organizations, medical practices, and their business associates safely manage who is authorized or has the right to change, distribute, or access sensitive health data. Providers should limit access to PHI to only the information necessary to perform a task.

It is up to the healthcare providers and other medical practices to determine what kind of software, systems, and access controls they use to manage authorized access to PHI related to text messaging software. However, the HIPAA Security Rule requires the following protections to ensure HIPAA compliance:

  • Unique User ID

An individual must access protected health information with a unique user identification number or username that is easy to track. That allows covered entities to hold authorized users accountable for their activity while logged into a system containing PHI. Secure text messaging programs require authorized users to use a unique ID to send, receive, and access any HIPAA-compliant text message.

  • Emergency Access Procedures

Covered entities must have operational workflows to access protected health information in an emergency. These should consider what type of emergencies may require urgent access and who should be granted rights to access PHI in emergencies.

Choosing the best HIPAA-compliant texting messaging software…

By developing a comprehensive healthcare text messaging policy accessible to patients, your medical practice can easily share risk mitigation strategies and standard procedures for texting medical information. One of the best ways is to use HIPAA-compliant texting messaging software.

Curogram is an easy-to-use HIPAA-compliant software that offers automated reminders, electronic patient forms, etc. Curogram has helped healthcare providers address their patients' health concerns by providing innovative patient communication features such as 2-way text messaging and has helped with streamlining patient follow-ups, scheduling future visits, and securely sending photo links with sensitive patient information.

Curogram’s 2-way text messaging keeps your medical staff’s personal phone numbers private. Curogram also allows automated messages to be sent directly via text. There is no need for patients to sift through emails or search for a voicemail to find important information from their providers. If you want to get started with a secure messaging platform, contact Curogram for more details.

A doctor is texting his patient using the Curogram 2 way texting