How to Stay HIPAA Compliant When Patients Text Health Questions

Your patients love communicating with your practice via text. This is all amazing and easy when it comes to making and rescheduling appointments, sending birthday and meet the doctor video messages, recalling dormant patients, or planning events. But what happens when your patients ask questions about their health? We’re sure, as a healthcare practice, you always have HIPAA top of mind when it comes to communicating with patients. Since text is a new technology for many practices, we wanted to help clear things up so you can stay HIPAA compliant while communicating with patients over text.

HIPAA Compliance

As you know, HIPAA provides rules that help to keep PHI (Personal Health Information) private. The first step is to be sure that everyone involved in your communications is aware of and follows HIPAA rules.

Practices and partners need to comply.

In addition to practices, Business Associates must follow HIPAA regulations—including a company like Zingit who you’ve partnered with to assist with communications. It’s your responsibility as a practice to receive written assurances that business associate is aware of HIPAA regulations and will protect your patients’ PHI. Most often, practices get this information in the form of a business association agreement.

Once you’re sure you’ve partnered with a communications provider who you know is aware of HIPAA regulations (ehem, Zingit!!!), you can focus on how to stay HIPAA compliant when communicating with patients over text.

An example text conversation

Let’s imagine a patient texts you with a question about their health or care.

Patient: “Hello doc. I was wondering if it is safe for me to do this strenuous activity before my next appointment?”

Of course, it’s amazing that technology has brought us to a point where you can even consider replying quickly, outside of an appointment, to a question. Also, your patient has asked the question and has the full right to do so over text—it’s his or her private information. But what can you do?

Do Not

• Don’t forward the message anywhere.

• Don’t respond to the question or continue the conversation in an unsecured way unless you….

Do

• Reply with a message requesting the patient’s consent to discuss their PHI.

• Wait for a patient response with permission before continuing.

• If you don’t get consent, suggest a secure way to answer the question.

Doc: “Hi Brad. It looks like you’d like to discuss your health in a little more detail. Text is not a secure way to do that. Do you still want to carry on a conversation?”

Once you’ve gotten permission, you are free to respond as you’d like. Continue the conversation via text. If it’s more complicated, or if the patient prefers not to communicate via text, suggest when and where you can discuss this next (at the next appointment, over a phone call).

So, in short, HIPAA requires that you make patients aware of the risk of communicating their PHI via an unsecured channel and to obtain their consent prior to doing so.

As text industry pioneers and with a focus on healthcare, Zingit is very aware of HIPAA compliance as well as the Telephone Consumer Protection Act (TCPA). Read more about HIPAA and TCPA compliance in our white paper.

Disclaimer: The information conveyed in this guide is for informational purposes only. It is not to be considered legal advice. If you require legal advice, you are encouraged to seek the counsel of a licensed attorney.

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email