Chat with us, powered by LiveChat

Texting and HIPAA

I received a text this morning reminding me of a dental appointment in two weeks. I appreciate the reminder. Still, I don’t remember ever providing authorization to text me. For many items related to my healthcare, I certainly prefer a quick text (or email) over the secure platforms that require signing up for an account and logging in.

Patients are free to give permission to allow informational communications by text or email. But, if does need to conform to HIPAA. The following template might be helpful (note: this is not legal advice).

“Federal law prohibits this practice from sending you texts or email which are unencrypted or “unsecure.” However, many patients find it convenient to communicate with our office by traditional text and/or email. Those modes of communication are generally not considered “secure.” Some patients appreciate the tradeoff between ease of use / convenience and security. We want to accommodate your preferences. If you would like to communicate with us by “unsecure” text or email, please confirm below by providing your authorization. We will keep your preferences in force with no current expiration date until we learn otherwise. Obviously you can change your mind at any point down the road. Just let us know in writing so we can stay updated with your preference(s). Obviously if messages are sent through such channels, they may no longer be protected by HIPAA. Finally, whether or not you decide to use email or text messaging, your choice will have no impact on our decision to treat you. We are here for you.
I authorize the practice to communicate with me by “unsecure” text; that text number being: ______________ (number) ______________(signature/date);
I authorize for the practice to communicate with me by “unsecure” email; that email address being: ______________ (email address) ______________(signature/date)”

Next, your texting vendor should sign a Business Associate Agreement so they don’t create any mischief with the mobile numbers.

Finally, a text is part of the medical record. Preserving it might just toss you a life preserver down the road when memories are short.

What do you think? Do you use texting or run of the mill email in your practice to communicate with patients.

By |2017-07-14T11:14:37+00:00June 17th, 2016|Compliance, Cybersecurity, News, Practice management|5 Comments

About the Author:

Helping patients find the best doctors online. Helping the best doctors be found online.At eMerit®, we focus on managing your Dental or Medical Identity toward a sustainable and growing business – where both doctors and patients thrive.And we minimize distractions away from patient care while meeting your business objectives by transforming everyday patient interactions into growth drivers.At eMerit, we take your Medical Identity® personally.

Leave a Reply

5Comment threads
0Thread replies
Most reacted comment
Hottest comment thread
4Comment authors
newest oldest most voted
Notify of
Robert Sterling, MD (EM)

I am a physician reviewer and have learned that most regulatory agencies (god bless ’em) require very simple language that is to the point and brief. The email example given is just not in line with those expectations. Whatever you write, do it in Word, then press F7 and follow the instructions to get the reading level of your text. I’ve been advised that anything above 8th grade is unacceptable (an insult to me and a lot of patients and providers, but so be it). It takes time to revise and re submit to F7 but soon you get the… Read more »

Robert Sterling, MD (EM)

You’ll have to format the F7 function to analyze for grade level; otherwise it just analyzed grammar and punctuation

Jeffrey Segal

I just checked the readability for Model Notice Privacy Practices on Dept HHS Website as but one example of what regulatory bodies “suggest.”. Readability score is Gunning Fog index of 12.55. That index measures the number of years of formal education required to substantively comprehend the text. That translates to 12.5 years of formal education – or between high school senior and college freshman.

Don’t cut corners when it comes to regulatory bodies. HHS has defined what needs to be included in HIPAA Authorization to be compliant. It’s more than “You have my permission to text me.”

Edward Chastka M.D.

I have used an easy solution, I opted out of HIPAA through the “country doctor” option. What a relief!


Sage advice from the good Dr Segal.