HIPAA Compliant texting, secure text messaging, HIPAA Compliant text messaging

What You Need to Know About HIPAA Compliant Texting


January 7, 2022 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

As a healthcare provider, secure text messaging is vital for your practice. A secure text messaging platform is a tool that any healthcare practice should utilize, especially since, according to research, 85% of smartphone users prefer mobile text messages over emails or phone calls. Although texting with a patient may seem like a good idea, several HIPAA considerations are essential. HIPAA-compliant texting requires providers to take specific steps to ensure that the communication is private and confidential, as discussed below.

HIPAA compliance is contingent on prior patient written authorization. You must receive this authorization before texting between a patient and the provider. However, it is not recommended to communicate with clients or patients via traditional texting platforms, even with patient authorization.

An SMS or iMessage, for instance, is not considered a secure form of communication as they lack necessary HIPAA safeguards. Although it is not recommended to use traditional texting platforms, they can be HIPAA compliant if, and only if, the provider warns the patient of the risk texting poses to their protected health information. This warning, and the patient’s consent, must be documented to meet HIPAA compliant texting requirements.

Although patient consent to text is required under most circumstances, HIPAA includes exceptions to this rule. For example, when emergencies arise, such as a natural disaster, providers can text patients without prior authorization.

How to Choose a HIPAA Compliant Text Messaging Platform

Like with any other software platform, text messaging platforms are required to implement HIPAA safeguards to keep patient information secure and be willing to sign business associate agreements with their users. Implementing safeguards are an essential component of HIPAA compliance as they enable the confidentiality, integrity, and availability of electronically protected health information (ePHI). These safeguards include encryption, access controls, user authentication, and audit logging.

Having a signed business associate agreement (BAA) with your healthcare texting platform is another one of the critical determinants of HIPAA compliance. A texting platform is not considered HIPAA compliant without a signed BAA. This is because BAAs dictate that each signing party be HIPAA compliant and maintain their compliance. BAAs also limit the liability for healthcare providers in the event of a breach caused by their texting platform, as only the negligent party would be guilty.

Secure text messaging in healthcare provides convenient, reliable, and safe means of communication and interaction with your clients. The reader can find examples of HIPAA-compliant texting messaging platforms in Telehealth.org Telehealth Buyer’s Guide. (Please leave a 1-5 star review if you have liked or not liked any telehealth technology in the past.)

This Article Contributed by Compliancy Group

Need assistance with HIPAA compliance? Compliancy Group can help!

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...