Is text messaging HIPAA-compliant?
How to communicate with patients securely
Using the internet to communicate with patients has allowed physicians to improve their quality of patient care. According to The HIPAA Journal, texting specifically “has been shown to help accelerate patient care throughout, reduce the potential for medical errors, increase patient satisfaction, improve clinical outcomes, and significantly reduce costs while ensuring compliance with HIPAA.”
How can you protect your clinic from text-related HIPAA violations?
Protected health information (PHI) must be secured when transmitted across networks and the internet. Securing electronic data requires encryption. This also applies to hard copies of documents that are scanned to a device.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created in the U.S. (as was PIPEDA, the Personal Information Protection and Electronic Documents Act in Canada) to protect patients’ PHI. While the act is still in effect, there have been changes to HIPAA due to the COVID-19 pandemic.
How has HIPAA changed due to COVID?
Due to the unexpected arrival of COVID-19 and the adoption of telehealth services on a massive scale, the Office for Civil Rights (OCR) eased the enforcement of specific non-compliance penalties. The change permits providers to use the following applications for communicating with patients:
- Apple FaceTime
- Google Hangouts Video
- Skype
- Facebook Messenger Video
- Zoom
However, HIPAA compliance is still necessary for the healthcare industry. Data breaches can happen, and the consequences fall upon the one who sends the message that gets leaked. For example, if your office sends a text and an unintended recipient intercepts the message, your office will be liable for the fines.
How can you protect your clinic from text-related HIPAA violations?
1. Encrypt your data
One way to help ensure that patient data is appropriately encrypted is to have an IT professional take care of the encryption. Unfortunately, keeping an IT resource on staff or on retainer is extremely expensive. Alternatively, you can choose to use a practice-management solution, like intakeQ,’s practice. that encrypts your data in transit and at rest.
Although you aren’t required to encrypt all devices and storage locations, you might want to do so to help ensure your compliance with HIPAA regulations and protect your practice from costly lawsuits, lost clientele and a bad reputation.
2. Acquire patient consent
Before any electronic communication with your patients, it’s required to appropriately document your patient’s consent to communicate digitally.
When you do so, ensure you have the correct contact information and explain the risks of electronic communication, including video, email and text messages. In case you need proof that you explained the privacy risks to your patient, make sure that you keep the consent form. Here are step-by-step instructions on building a digital patient consent form in intakeQ.
3. Help ensure secure communication
Many of today’s patients prefer communicating via text message, but simple SMS messages aren’t encrypted. Secure messaging gives patients the convenient communication that they want while protecting their health information. intakeQ’s secure messaging portal gives your staff and your patients a safe and easy way to communicate with your patients and share documents.
In addition to protecting your practice, secure text messaging helps enable clinics to follow audit trails to inspect metrics that measure the efficacy of your secure text-messaging platform. That way, you can identify areas of improvement and opportunities for further development.
4. Don’t send personally identifiable information
On the off-chance that an unintended recipient intercepts the text message, you should avoid sending personally identifiable information. With intakeQ, our secure portal sends an email to your healthcare consumers that lets them know they have a message in the portal.
Patients are becoming accustomed to the conveniences of digital communication, but it’s incredibly important to ensure your clinic is connecting safely and securely. If you want to eliminate guesswork, check out our 14-day trial of intakeQ’s online forms capabilities and our integrated practiceQ practice-management solution and get access to intakeQ’s secure messaging, HIPAA-compliant intake forms and more.