5 HIPAA Mistakes to Avoid When Texting Patients 

February 28, 2023

HIPAA applies to everyone in the medical field, including healthcare marketers.

Its intensive regulations are one of the main reasons why many hospitals and clinics shy away from any kind of digital marketing: they fear violating HIPAA.

But as long as you know what mistakes to avoid, things like SMS and social media marketing don’t have to be so scary. Let’s take a look at five HIPAA mistakes to avoid when texting patients and how to stay compliant.

1. Using unsecured channels

Text messaging is convenient, but it’s not always secure. One of the most common HIPAA mistakes made by healthcare marketers is sending PHI through unsecured channels. Text messages can be intercepted and read by third parties, putting patients’ PHI at risk.

To avoid this mistake, healthcare marketers should use secure messaging platforms that encrypt messages. Additionally, you should never include any PHI in a text message unless it’s absolutely necessary. When PHI must be shared, use a secure channel, like a patient portal, instead.

2. Allowing access from unauthorized people

Mistakes happen, so be extra careful when assigning roles and permissions inside your secure texting platform. If the wrong employees (e.g., someone in billing) are given access to private text conversations between doctor and patient without the patient’s knowledge, you are violating HIPAA.

The same applies to the receiving end of the text. For example, a couple of months ago, one medical office in the U.K. accidentally sent out a mass text to their patients stating that they all had a terminal cancer diagnosis. Clearly, this text was meant for one person and created an absolute disaster. 

Don’t be this person! Take your time when sending texts to patients and always double-check to ensure you have the right recipient.

3. Texting without consent

Before you start texting anyone, you need to have their consent. They must also be given the option to revoke this consent at any time. Otherwise, you’re not only violating HIPAA, but Federal Communications Commission rules as well. And of course, you’ll be annoying your patients.

You can get patients to opt in by encouraging inbound traffic and prompting patients to initiate the text conversation themselves by texting “START” to your encrypted number. You can also ask them to simply check a box, either on a web form or on any in-person paperwork.

Make sure you differentiate between care coordination texts and automated scheduling reminders, so patients know what they’re signing up for.

4. Retaining text messages containing PHI

HIPAA requires healthcare providers to retain patient records for a specific period. However, text messages containing PHI may not be appropriate for retention due to the lack of security and control over who has access to them.

Healthcare marketers must ensure that they’re not retaining any text messages containing PHI that aren’t required for patient care. If a text message contains PHI that needs to be retained, it should be saved in a secure electronic health record (EHR) system or printed and stored in a secure location.

5. Failing to train employees

HIPAA requires healthcare providers to train their employees on its rules and regulations to ensure compliance. That means you must ensure that all employees who are involved in sending text messages to patients are trained on the matter.

Training should include information on how to use secure messaging platforms, obtain patient consent, and protect PHI. Additionally, employees should be trained on how to recognize and respond to potential HIPAA violations.

To avoid HIPAA mistakes when texting patients, always use secure messaging platforms, watch who has access to the texts, obtain patient consent, retain text messages appropriately, and train employees. By following these guidelines, you can ensure that you’re compliant with HIPAA regulations and protect patients’ PHI.

For personalized help getting started with SMS marketing in your hospital or medical practice, schedule a free marketing diagnostic consultation with Bizzuka. We’ll run through your current strategy and help you understand where you’re currently falling short.