Earlier this week we posted some best practices for “park & text” waiting for patients. Since the COVID-19 pandemic began, the use of text messaging has grown as much as the use of telemedicine. It’s faster and easier than phone calls and lets organizations reach more people with critical information. It’s also great for quick follow ups or last minute pre-screening as well as new techniques like the “park & text” mentioned above.

When we talk about text messaging with patients though, we always get a lot of questions about compliance. Many providers and staff worry about being HIPAA compliant and following the rules for the TCPA. Being compliant is actually a lot easier than most people think. This article is not a substitute for legal advice but it can give some basic guidance. Here are a few common questions and answers about compliance.

  • Can we text patients about PHI? Yes, you can text with patients about protected health information (PHI). Patients can text you anything they want since they aren’t covered entities. If they want to discuss PHI, or have a comment or question that would require you to mention PHI in the text, you just need to get their consent first. It is as simple as letting them know that the text messaging is unsecure and you need their consent to continue the conversation on that channel. The patient can give consent via text and you can continue the conversation. If they opt not to give consent then you can suggest an alternate communication tool like phone, telehealth, in-person visit, portal, or secure email.
  • Do we need consent to send automated text messages like reminders or COVID-19 updates? You don’t need consent for healthcare messages. If a practice is communicating a healthcare message to their patient, they are exempt from the express written consent rule. Basically, this means that as long as your patient has given you their phone number, you are allowed to text them for healthcare-related messages. Healthcare-related messages include:
    • Appointment reminders
    • Confirmation messages
    • Wellness checkups
    • Post-operative instructions
    • Post-discharge information
    • Lab results
    • Prescriptions notifications
    • Home healthcare instruction
  • What about other types of messages like billing or marketing messages? Those messages do require written consent as they are not considered healthcare messages. If you do not have express written consent to send these messages, you should communicate them in alternative ways. If you want to send out a dual-purpose message that includes both a healthcare AND a marketing message, the message will be held to the higher marketing message standard and will require express written consent. You are required to have express written consent to send the following messages via text message:
    • Advertisements for new services
    • Solicitations to events
    • Special offers
    • Accounting, billing, or collection messages
  • Are there are other requirements we need to be aware of when sending text messages? Yes, there are several rules that apply when sending text messages. Both HIPAA and TCPA have some requirements. These are some of the key things you need to know:
    • There must be a clear opt out
    • If using a third-party, you must adhere to the minimum necessary standard for sharing PHI
    • Check and update patient contact information regularly
    • Include your contact information
    • Stick to the required limit for text messages of 160 characters

These are some of the most common questions we get, but there are more details on patient communication as it relates to text and email. To learn more you can
download our full guide on text and email compliance.