Appointment Reminder, The Minimum Necessary Standard, HIPAA Tips

Appointment Reminder: HIPAA Rule Ads Additional Requirements For Patient Privacy


January 24, 2020 | Reading Time: 2 Minutes

Please support’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Appointment reminder regulation increased under new HIPAA Privacy Rule. Under the HIPAA Privacy Rule, covered entities (CEs) are restricted in how they are permitted to use and disclose protected health information (PHI). However, CEs may disclose PHI without authorization if the disclosure relates to the treatment, payment, or healthcare operations. To conduct business, CEs often provide patients with patient appointment reminders. As appointment reminders are considered part of the treatment of patients, they are permitted without prior authorization from the patient.

What is Permitted to be Disclosed in a Patient Appointment Reminder?

Sending patient appointment reminders via mail, email, or leaving a voicemail reminder, are permitted; however, before sending patients email reminders, covered entities must ensure that they have adequate safeguards in place securing the information.

When issuing patient appointment reminders, covered entities must restrict the information that they disclose in the reminder. The HIPAA Privacy Rule mandates that disclosure of PHI adheres to the minimum necessary standard. As such, when issuing patient appointment reminders, covered entities should only disclose the information needed to confirm the appointment.

The type of information that may be disclosed for appointment reminders are as follows:

  • Patient’s name
  • Appointment date and time
  • Covered entity’s name
  • Covered entity’s phone number

Disclosing information such as the nature of the patient’s appointment is considered an unauthorized disclosure of PHI. Covered entities should never disclose information regarding a patient’s treatment, health condition, or test results (via phone, email, or mail) unless patients sign an authorization form permitting their information to be disclosed in this manner. Disclosing health information without prior consent can result in the accidental disclosure of PHI, as a patient’s family member or friend may have access to the patient’s voicemail, email, or mail.

Although disclosing health information to a patient’s family member or friend is not permitted without authorization, covered entities may leave a message with a person other than the patient, provided that no health information is disclosed.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...