HIPAA Compliant Texting: The Do’s and Don’ts


HIPAA Compliant Texting: What’s New?

Questions regarding how to send HIPAA compliant text messages never seem to go away. The use of mobile devices, email inquiries from patients, and ever more breaches of PHI remind us that we need to continuously reevaluate the way we use these important tools.


Texting Do’s and Don’ts

Today, physicians are quite comfortable using cell phone technology to reach out to other providers and to their patients. Texting tends to be an efficient, convenient, easy way to send and receive messages. But messages containing electronic protected health information (ePHI) can be read by anyone, forwarded to anyone, remain unencrypted on telecommunication providers’ servers, and stay forever on senders’ and receivers’ phones. Unfortunately, traditional SMS messaging is inherently nonsecure and noncompliant with safety and privacy regulations under the Health Insurance Portability and Accountability Act (HIPAA).

In addition, senders of text messages cannot authenticate the recipient of SMS messages (e.g., senders cannot be certain that the message has been sent to and opened by the right person). Studies have shown that 38 percent of people who text have sent a text message to the wrong person!

A single violation for an unsecured communication can result in a fine of $50,000; repeated violations can lead to $1.5 million in fines in a single year, not to mention the damage done to the reputation of an organization and its ability to attract patients just for not using HIPAA compliant texting.

There are HIPAA compliant texting solutions that can be utilized to help physicians and other providers send secure text messages with PHI. They work similarly to secure email applications (where the recipient receives a notice that he or she has been sent a secure text, and a link where they can access the text message). Here is a white paper on HIPAA compliant texting with points to consider when evaluating a secure text messaging service.

All of the same rules apply for nonsecure and noncompliant email. Here is a link for your reference on HIPAA Compliant Email.




Cindy Winn-Garnigan, MBA, CHSP

Ms. Cindy Winn has over 20 years of healthcare experience, has expertise in operations and project management, and is certified as a HIPAA Security Professional (CHSP).
