Most of us text frequently (if not constantly) in our personal lives – but when you're texting a patient, the rules change dramatically.
Posted in Risk Management on Thursday, May 27, 2021
There are some amazing, mind-blowing statistics out there about much texting is used and how often we check our phones (up to 96 times per day) – so it makes sense that using texting as a patient communication method is becoming more common. Because we text frequently in our personal lives, it’s easy to assume that we know texting etiquette and best practices. However, when you are texting your patients, there are certain risks of which to be aware – such as violating HIPAA. Texting is also discouraged for sending any medical orders to staff. Consider these tips and recommendations before implementing texting as a form of patient communication in your practice.
Obtain Consent
Your patients must give written consent that allows your practice to text them; they must also have the ability to opt out of every message which is sent.
Contact Your Attorney
As with any form of communication, HIPAA compliance is a must. Given that texting patients is a complicated process with many pitfalls, we recommend you contact your attorney to help you create compliant procedures for texting patients.
Consider Using a Service
Automated services that are compliant with HIPAA and PHI requirements are becoming common in healthcare. Research and consider using one of these HIPAA-compliant text messaging platforms to maintain professionalism and remain impersonal.
Protect PHI
According to the HIPAA Journal, “Controls must be put in place to ensure ePHI cannot be accessed by unauthorized individuals. Protecting ePHI requires access controls to be in place and data must be encrypted at rest and in transit.” Be aware that standard SMS text messages do not have the right controls.
Best Practices
If you manually text instead of using a compliant platform, be mindful of best practices as outlined by the Healthcare Information and Management Systems Society (HIMSS) – in addition to not violating HIPAA requirements or revealing PHI.
- Obtain written consent to text.
- Always be professional.
- Do not use abbreviations.
- Be concise. Messages over 160 characters will split into two messages.