HIPAA Compliant Communication, communication errors in healthcare

Best Practices for HIPAA Compliant Communication in Healthcare


June 14, 2022 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Whether you use the telephone, email, telehealth video platforms, or text messaging to communicate with patients, it may be helpful to consider how HIPAA-compliant communications differ. Understanding how HIPPA rules differ for each communication tool is essential. Learn best practices for HIPAA complaince and how to avoid common communication errors in healthcare.

HIPAA Compliant Communication Best Practices

In healthcare, regardless of the communication method used (such as telephone, email, telehealth, or text messaging), it must comply with HIPAA rules and regulations. Certain communication tools require written patient consent before use, while others require a signed business associate agreement. See Telehealth.org’s previous article HIPAA Business Associates and How to Choose the Right HIPAA Business Associate Vendor for more information.
How can different tools be used for HIPAA-compliant communication?

  1. Telephone: written patient consent is required before communicating with a patient over the telephone. In addition, limiting the information offered in the message is crucial when leaving a voicemail. See Mobile Device Security and HIPAA Compliance and What is HIPAA Compliant Voicemail.
  2. Email: while communicating with patients through email is not recommended, it is permitted with written patient consent that is signed before the email exchange takes place. During informed consent, the provider must warn the patient of the cybersecurity risks associated with email. If that timing is not strictly followed, healthcare providers must use an encrypted email service that will include a signed Business Associate Agreement (BAA). See Telehealth.org’s previous article HIPAA Compliant Email for Therapists and What is HIPAA Compliant Email? for more information.
  3. Telehealth: conducting telehealth appointments has become a popular form of patient communication. Not all telehealth tools are created equal. Some offer HIPAA-compliant telehealth services, while others do not. HIPAA-compliant telehealth tools are secure and will sign a BAA.
  4. Text message: traditional text messaging platforms are not HIPAA compliant, as they lack the protection to secure protected health information (PHI). However, some healthcare texting platforms can be used for HIPAA-compliant texting.

Before disclosing PHI through respective tools, confirming a patient’s contact information (mailing address, email, phone number) is essential.

Common Communication Errors in Healthcare

Knowing what not to do is just as important as learning what to do. Common communication errors in healthcare include:

  1. Failing to receive patient consent before delivering professional services
  2. Using a communication tool that is not HIPAA compliant
  3. Using a communication tool incorrectly
  4. Disclosing patient information to an unauthorized individual
  5. Failing to share records in a timely manner upon patient request

This Article is Contributed by the HIPAA Compliancy Group

Need assistance with HIPAA compliance? The Compliancy Group can help!

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...