What a Texting Policy Should Include
Texting comes under the heading of social media, so it warrants a well-thought-out plan to avoid, among other concerns, HIPAA and TCPA (Telephone Consumer Protection Act) violations.
Posted in Risk Management on Wednesday, February 21, 2018
When developing a policy regarding the use of text messages for inclusion in your practice social networking/media policy manual consider the following:
Plan:
What will be the purpose of your texting?
- Providing information and education (general health reminders and/or special offers aka non-urgent information)?
- Clerical purposes, such as appointment reminders and account balances?
- For diagnostic issues, such as triaging patient concerns?
- Consultative issues, such as having specific interactions with patients?
Do:
Establish an office communication policy with protocols that detail your texting program.
- Who will be responsible for accessing, monitoring and providing content for the texting program?
- Which device or application will be used?
- Will a vendor be involved, thus necessitating a business associate agreement?
- How often will updates be considered?
- Who will respond to queries resulting from the texts?
- How will routine inquires, such as correcting contact information be gathered and documented?
- When and how often will messages be sent?
- How often will opt-out information be provided to users?
- How often and when will messages be retained and deleted?
- Text messages involving PHI should be documented in the patient’s medical record and retained for the legally required time period
- Text messages should be afforded the same treatment as other patient correspondence
- To confirm receipt of messages, what type of verification of receipt (authentication process) will be instituted?
- Will devices used for text messaging be password protected and encrypted?
- How will devices be purged of all texts when being discarded or exchanged, and what verification process will verify the purging has taken place?
Act:
Remember: Your patient must agree to receiving texts from your office. You should incorporate a communication consent form that authorizes you to send text messages.
- The consent form should:
- Acknowledge that the patient’s cell phone provider may charge them for texting and data use
- Confirm that other individuals using the same cell phone number may receive alerts (such as family members)
- Confirm that text messaging is not always secure
- Confirm that the agreement is with an individual who is at least 18 years old, legally responsible for use of the account and agrees to all terms and conditions of use
- The form should provide an “opt in” and “opt out” option
- The signed form should be maintained in the patient’s medical records
- Text messages should never ever ask for payment, credit card or personal information (advise patients how to report suspicious texts)
As a policyholder, if you have questions about the risks of texting patients, please contact us.