5 HIPAA Mistakes to Avoid When Texting Patients 

February 28, 2023

Texting patients can be convenient, but if you’re not careful, it can also lead to serious HIPAA violations.

The good news is that staying compliant isn’t complicated once you know what to avoid. Here are 5 common HIPAA mistakes to watch out for when texting patients:

  • Using unsecured channels that don’t encrypt messages or protect sensitive data

  • Allowing access from unauthorized people like staff without proper clearance

  • Texting without patient consent, which is a clear compliance red flag

  • Retaining text messages containing PHI without proper safeguards

  • Failing to train employees on HIPAA-safe communication practices

1. Using unsecured channels

Text messaging is convenient, but it’s not always secure. One of the most common HIPAA mistakes made by healthcare marketers is sending PHI through unsecured channels. Text messages can be intercepted and read by third parties, putting patients’ PHI at risk.

To avoid this mistake, healthcare marketers should use secure messaging platforms that encrypt messages. Additionally, never include PHI in a text message unless it’s absolutely necessary; when PHI must be shared, use a secure channel such as a patient portal instead.

2. Allowing access from unauthorized people

Mistakes happen, so be extra careful when assigning roles and permissions inside your secure texting platform. If the wrong employees (e.g., someone in billing) are given access to private text conversations between doctor and patient without the patient’s knowledge, you are violating HIPAA.

The same applies to the receiving end of the text. For example, a couple of months ago, one medical office in the U.K. accidentally sent out a mass text to its patients stating that they all had a terminal cancer diagnosis. Clearly, this text was meant for one person, and it created an absolute disaster.

Don’t be this person! Take your time when sending texts to patients and always double-check to ensure you have the right recipient.

3. Texting without consent

Before you start texting anyone, you need to have their consent. They must also be given the option to revoke this consent at any time. Otherwise, you’re not only violating HIPAA but Federal Communications Commission rules as well. And of course, you’ll be annoying your patients.

You can get patients to opt in by encouraging inbound traffic and prompting patients to initiate the text conversation themselves by texting “START” to your encrypted number. You can also ask them to opt in by simply checking a box, either on a web form or on any in-person paperwork.

Make sure you differentiate between care coordination texts and automated scheduling reminders, so patients know what they’re signing up for.

4. Retaining text messages containing PHI

HIPAA requires healthcare providers to retain patient records for a specific period. However, text messages containing PHI may not be appropriate for retention due to the lack of security and control over who has access to them.

Healthcare marketers must ensure that they’re not retaining any text messages containing PHI that aren’t required for patient care. If a text message contains PHI that needs to be retained, it should be saved in a secure electronic health record (EHR) system or printed and stored in a secure location.

5. Failing to train employees

HIPAA requires healthcare providers to train their employees on its rules and regulations to ensure compliance. Accordingly, you must ensure that all employees involved in sending text messages to patients are trained on the matter.

Training should include information on how to use secure messaging platforms, obtain patient consent, and protect PHI. Additionally, employees should be trained on how to recognize and respond to potential HIPAA violations.

To avoid HIPAA mistakes when texting patients, always use secure messaging platforms, watch who has access to the texts, obtain patient consent, retain text messages appropriately, and train employees. By following these guidelines, you can ensure that you’re compliant with HIPAA regulations and protect patients’ PHI.

For personalized help getting started with SMS marketing in your hospital or medical practice, schedule a free marketing diagnostic consultation with Bizzuka. We’ll run through your current strategy and help you understand where you’re currently falling short.