Are Text Appointment Reminders HIPAA Compliant?Posted: March 16, 2021 - By Melody Gandy-Bohr
Many medical practices know that patients appreciate text-based communications. Texting definitely sounds like a great idea, in principle. But there’s an important question to consider. Is sending text appointment reminders HIPAA compliant?
The good news: Yes, texting can be HIPAA compliant, but you need to take specific steps to safeguard patient privacy. To understand how to send HIPAA-compliant appointment reminders, you need to understand HIPAA and another relevant law, the Telephone Consumer Protection Act (TCPA).
Get to know the facts about text-based appointment reminders before your start sending messages to patients. Being informed is critical to protect patient privacy and make texting work for your healthcare practice.
Why Should You Send Appointment Reminders via Text?
Reminders about upcoming appointments are essential to prevent no-shows. Although calls the day before appointments have been standard practice in the healthcare industry, many medical providers want to take advantage of modern technology.
While email is a good option, texting stands out as the best way to reach customers with reminders. Today, most people rarely go anywhere without their phones and are likely to look at every text they receive. They are far more likely to read a text than an email. A well-timed text reminder can ensure customers remember an upcoming appointment or give you proper notice if they need to cancel or reschedule.
What is HIPAA?
You’ve no doubt heard of HIPAA. But it’s a good idea to refresh your memory on this critical healthcare regulation before you implement text appointment reminders.
HIPAA is an acronym for The Health Insurance Portability and Accountability Act of 1996. The purpose of the law is to prevent the disclosure of sensitive health information without prior patient knowledge or consent. After Congres passed the law, the US Department of Health and Human Services issued the privacy rule to guide HIPAA’s implementation. The HIPAA Security Rule protects a subset of information covered under the Privacy Rule.
Under the Privacy Rule, covered entities may not disclose patient’s protected health information (PHI). What is a covered entity? All healthcare providers fall into this category, along with health plans, healthcare clearinghouses, and business associates.
The Security Rule focuses specifically on protected health information in electronic formats, called e-PHI. To comply with the Security Rule, medical practices must ensure the confidentiality of all e-PHI and protect against all anticipated threats to the information.
What is the TCPA?
Although not specific to healthcare, medical practices also need to understand and comply with the TCPA. A federal consumer privacy law, the TCPA regulates multiple forms of communication: landline and mobile telephone calls, text messaging, and facsimiles.
Under the TCPA, a business or organization must get consent before sending text messages to an individual. In healthcare, the medical practice is responsible for securing this consent. If requesting a patient’s mobile number, practices should clarify that the intent is to send text messages about healthcare information, including appointment reminders.
How Can You Send HIPAA Compliant Appointment Reminders via Text?
Appointment reminders are considered a form of e-PHI and are covered by HIPAA. Since appointment reminders are tied to patient treatment, you are permitted to contact patients to remind them of appointments without prior authorization. However, you must have safeguards in place and restrict the information you disclose. Also, you must comply with TCPA by gaining permission from patients before you text them.
Specifically, you should provide these essential details in reminder messages:
- Name of patient
- Appointment date and time
- Your practice name
- Your practice’s office phone number
However, you should never disclose the following without explicit permission from the patient:
- The nature of the patient’s disease or condition
- Treatment plans
- Test results
Detailing that information in reminder messages can be a privacy violation. The reason? Family members or other people may have shared access to the patient’s reminder message.
Now that you know the fundamentals of what you can and can’t communicate in reminder messages, you need to understand how to ensure your text messages are HIPAA compliant. Here are steps you must take:
- Alert the client that there is a risk of unauthorized PHI disclosure
- Obtain permission from the patient to communicate via text
- Document the patient’s consent to receive texts from you
- Provide the patient with an opt-out option
After attaining consent, you can send texts to patients, including reminder messages. However, you still don’t have permission to send marketing messages to patients. Another thing to consider is whether patients will want another person to receive reminders on their behalf. This is also possible under HIPAA, but you need to secure explicit permission to contact a specific individual from the patient. In those instances, you must make sure to share appointment details only and never leave messages containing any protected health information.
Prevent Costly Patient No-Shows with Text-Based Appointment Reminders
Texting has become the #1 preferred method of communication for many people. Today, people often willingly let businesses they trust send them texts with critical information. Healthcare providers can capitalize on this momentum and implement automated text reminders to alert patients about upcoming appointments.
Even if you have a solid phone and email reminder program in place, text messaging can help you reach more patients. An automated program eliminates the chore of placing daily reminder calls or sending emails manually. Your front office staff can spend less time on the phone and more time providing excellent service to patients.
One of the biggest advantages of texting is the opportunity to decrease patient no-shows. When patients receive text reminders via phone, they will be more likely to see those messages and react to them. This can mean showing up on time for an appointment or rescheduling if necessary. You’ll have fewer gaps in your schedule due to no-shows and can plan resources more effectively. Plus, you’ll see your revenue climb and your business thrive when you fill your days with more patient appointments.
No doubt, text messaging can be a huge win for healthcare providers–and it’s permissible under HIPAA. By knowing the regulations and following the proper protocols, you can remind each patient about their next appointment via text. That way, you can ensure that patients receive the medical care they need while supporting business growth.
Schedule a demo to learn more about Demandforce’s text message features
Enter your information to learn how Demandforce can help you attract, retain and engage patients at every step of the patient journey.