{"id":248,"date":"2016-08-22T11:04:19","date_gmt":"2016-08-22T18:04:19","guid":{"rendered":"https:\/\/blog.sprucehealth.com\/?p=248"},"modified":"2025-12-08T16:45:12","modified_gmt":"2025-12-09T00:45:12","slug":"hipaa-compliance-can-text-patients","status":"publish","type":"post","link":"https:\/\/sprucehealth.com\/blog\/hipaa-compliance-can-text-patients\/","title":{"rendered":"HIPAA Compliance: Can I Text My Patients?"},"content":{"rendered":"

With more than 80% of Americans using their phones to text and more than 6 billion text messages sent in the U.S. every day (not a typo), it is entirely unsurprising that patients want to text about at least some aspect of their medical care.1,2,3<\/sup> Maybe also unsurprisingly, many physicians want to text about medical\u00a0issues as well, with upward of 90% of doctors in some settings using texting in patient care.4<\/sup><\/p>\n

Despite\u00a0these overwhelming numbers, many doctors feel that\u00a0they can’t text about medicine because of HIPAA compliance issues. They worry about compromising\u00a0their patients’ protected health information (PHI) and exposing themselves to fines and censure. HIPAA, however,\u00a0is nowhere near an outright ban on texting, and you don’t have to let it stop you from bringing your phone and your practice\u00a0up to speed with everything else in your life.<\/p>\n

Regular Texting That’s HIPAA Compliant? Says Who?<\/h1>\n

Says the government. Specifically, the\u00a0U.S. Department of Health & Human Services (HHS), which administers HIPAA, has provided quite specific guidance on using electronic communication methods with your patients.5,6<\/sup> The guidance language mostly mentions\u00a0e-mail, but HIPAA regulations do not often\u00a0reference\u00a0specific technologies, so the suggestions are typically taken\u00a0to apply to electronic communication in general.7<\/sup><\/p>\n

Per HHS: “The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so. […] Further, while the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail.”<\/p>\n

So Texting Is Always HIPAA Compliant?<\/h1>\n

Definitely not. Like everything with HIPAA,\u00a0it is the overall process and system that determines compliance, not any specific technology. Standard, unencrypted texting can meet the demands of HIPAA in some cases but certainly not all the time. Check out our white paper on texting and e-mail under HIPAA<\/a>\u00a0for a breakdown of common medical communication scenarios that you are likely to encounter\u00a0and how you can make them compliant with HIPAA.<\/p>\n

If you also want\u00a0general information on fitting mobile devices into your comprehensive approach to HIPAA, the government has guidance on that subject<\/a>, too.<\/p>\n

Is There Anything I Can Do to Be as HIPAA\u00a0Compliant as Possible?<\/h1>\n

Sure! Here is a short list of best practices that will get you on the road to HIPAA compliance with texting:<\/p>\n

    \n
  1. Find out your patients’ preferences and document\u00a0them.<\/strong>
    \nHIPAA is big on patients having freedom and control, so pursuing these is always smart. In the HIPAA Omnibus Rule commentary, HHS states, “We clarify that covered entities are permitted to send individuals unencrypted emails if they have advised the individual of the risk, and the individual still prefers the unencrypted email.” In a separate FAQ, they note that “an individual has the right under the Privacy Rule to request and have a covered health care provider communicate with him or her by alternative means or at alternative locations, if reasonable,” so there may actually be an obligation<\/u> in some cases to use unencrypted texting or email, if your practice can!5,6<\/sup><\/li>\n
  2. Make sure texting and mobile devices in general are considered in your organization’s risk assessment.
    \n<\/strong>HIPAA compliance is a process not a static thing, and the HIPAA Security Rule is big on organizations performing ongoing “risk analysis” to consider where they contact electronic PHI and how they’re protecting it. Come up with a process, carry it out, and document it. See our     HIPAA compliance checklist<\/a> if you need guidance on this.<\/li>\n
  3. Always encrypt what you can<\/strong>
    \nStandard texting is always going to be somewhat insecure, but you can control your end of things. Products like     Spruce<\/a> allow you to send standard text messages to your patients while also encrypting the texts on your end, in storage. This lets you keep\u00a0the texts as an important part of the medical record while protecting them in a HIPAA-compliant way. Many of these products (again, including Spruce!) also make the conversation completely secure if the patient downloads the corresponding app. If that’s feasible for you, then it’s far better for HIPAA compliance than using standard, unencrypted texting.<\/li>\n<\/ol>\n

    So…I Can Text?<\/h1>\n

    Sometimes. Sometimes you can text patients. You should really read our white paper<\/a>. It’s short and useful; I promise!<\/p>\n

    This article is part of a series of posts relating to HIPAA law and regulation. The information provided is\u00a0meant as general guidance only and is not intended to be legal advice.<\/em><\/p>\n

    \n

    References:<\/p>\n

      \n
    1. Duggan, M. & Pew Research Center. Cell Phone Activities 2013<\/i>. (Pew Research Center, 2013).<\/li>\n
    2. O\u2019Grady, M. SMS Usage Remains Strong In The US: 6 Billion SMS Messages Are Sent Each Day. Forrester Research, Inc.: Michael O\u2019Grady’s Blog<\/i> (2012). Available at: http:\/\/blogs.forrester.com\/michael_ogrady\/12-06-19-sms_usage_remains_strong_in_the_us_6_billion_sms_messages_are_sent_each_day. (Accessed: 19th August 2016)<\/li>\n
    3. Council of Accountable Physician Practices (CAPP), Bipartisan Policy Center (BPC) & Nielsen Strategic Health Perspectives. Better Together: High Tech and High Touch (Consumer Healthcare Survey Results)<\/i>. (2015).<\/li>\n
    4. Plant, M. A. & Fish, J. S. Resident use of the Internet, e-mail, and personal electronics in the care of surgical patients. Teach. Learn. Med.<\/i> 27,<\/b> 215\u2013223 (2015).<\/li>\n
    5. U.S. Department of Health & Human Services. 570-Does HIPAA permit health care providers to use e-mail to discuss with their patients. HHS. gov (2008). at <http:\/\/www.hhs.gov\/hipaa\/for-professionals\/faq\/570\/does-hipaa-permit-health-care-providers-to-use-email-to-discuss-health-issues-with-patients\/<\/a>><\/li>\n
    6. Office for Civil Rights, Department of Health and Human Services. 45 CFR Parts 160 and 164: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules. Fed. Regist. 78, 5566\u20135702 (2013).<\/li>\n
    7. Stanger, K. C. HIPAA, E-mails, and Texts to Patients or Others. The National Law Review<\/i> (2015). Available at: http:\/\/www.natlawreview.com\/article\/hipaa-e-mails-and-texts-to-patients-or-others. (Accessed: 19th August 2016)<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

      With more than 80% of Americans using their phones to text and more than 6 billion text messages sent in the U.S. every day (not a typo), it is entirely unsurprising that patients want to text about at least some aspect of their medical care.1,2,3 Maybe also unsurprisingly, many physicians want to text about medical issues as well, with upward of 90% of doctors in some settings using texting in patient care.4<\/p>\n","protected":false},"author":1,"featured_media":4916,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"slim_seo":{"title":"HIPAA Compliance: Can I Text My Patients? - Spruce Blog","description":"With more than 80% of Americans using their phones to text and more than 6 billion text messages sent in the U.S. every day (not a typo), it is entirely unsurpr"},"footnotes":""},"categories":[14],"tags":[15],"different-template":[],"class_list":["post-248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hipaa","tag-hipaa"],"acf":[],"_links":{"self":[{"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/posts\/248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/comments?post=248"}],"version-history":[{"count":0,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/posts\/248\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/media\/4916"}],"wp:attachment":[{"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/media?parent=248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/categories?post=248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/tags?post=248"},{"taxonomy":"different-template","embeddable":true,"href":"https:\/\/sprucehealth.com\/blog\/wp-json\/wp\/v2\/different-template?post=248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}