Skip links

5 HIPAA Mistakes Every Practice Should Avoid When Texting Patients

Written by Leave a Comment

In the current age, providers must adopt digital communication strategies, in order to continue meeting the everchanging needs of patients. Patients these days value convenience above all else, and digital communication is one of the core components in this area. These communication avenues are also very convenient to practice. Texting, for example, is a fantastic method of making payments, scheduling appointments, collecting feedback, and speaking with patients.

While texting is undoubtedly convenient and beneficial for all parties, there are a few things that practices should keep in mind before implementing such a system. Chief among these concerns is HIPAA, which is what we’ll be discussing here. The ease that texting offers can also often lead to unintentional HIPAA violations, which can bring hefty fines and penalties.

Here are 5 HIPAA mistakes every practice should avoid when texting patients:

Non-secure systems
While it can be tempting to simply text patients over your personal smartphone, providers need to be mindful of the fact that they might be discussing confidential information. The texting system being used needs to have encryption, in order to protect this sensitive data. To maintain the security of the data being exchanged, providers must make sure their preferred texting solution has encryption and is HIPAA compliant. A solution capable of integrating with the existing Practice Management (PM) system would also aid in maintaining a high level of efficiency.

Texting patients without opt-in
One of the most crucial aspects of a successful patient texting system is patient consent. Texting patients without their express consent can be a HIPAA violation, and may also see your practice on the wrong side of various other regulators. This should all be avoided, receiving patient consent is easy enough. Encourage patients to be the ones making first contact by including your phone number on your website, along with a simple message like “text us at [number]”. Should that sound too difficult, you can simply ask patients to opt-in when they come to the practice.

On the sign-up form on your website, include a disclaimer that providing any contact information gives the practice the right to use those channels of communication. Finally, also include a method of opting-out, should patients no longer wish to communicate over text.

Learn More: The Real Reason Why Physicians Must Comply with HIPAA

Sharing Protected Health Information (PHI)
Once consent is acquired for texting, the next step is to acquire consent prior to sharing personal health information (PHI). Not all patients will sign up for text message communications. Some will simply want it for scheduling and reminders, so it is important to get consent before sharing any PHI. This is a handy way of knowing which patients would be looking for these types of conversations over text, and will also protect the practice from any legal troubles that might have arisen without consent.

Outside interference isn’t the only thing to worry about when sharing PHI. The wrong employees having access to the devices used for communication can be just as deadly, leading to problems like insurance fraud or identity theft. Even the most secure system won’t be of any use if you simply leave the device lying around where anyone can use it.

Managing permissions and access so that only the right people have access is a crucial component of a secure text messaging system.

The wrong employees having access
Outside interference isn’t the only thing to worry about when sharing PHI. The wrong employees having access to the devices used for communication can be just as deadly, leading to problems like insurance fraud or identity theft. Even the most secure system won’t be of any use if you simply leave the device lying around where anyone can use it.

Managing permissions and access so that only the right people have access is a crucial component of a secure text messaging system.

Sending messages to the wrong patients
This is a bit of a silly one, and one I’m sure we’ve all been guilty of at some point in our lives. However, that doesn’t make it any less important. When sharing PHI, it is crucial that this information is only sent to those it belongs to.

As disastrous as it can be, this problem is easily preventable. Front desk staff need to take the lead on this, confirming patient information every time they get in. It might seem a tedious task at first, though long term it will be much better than facing the consequences of an accidental HIPAA violation. Good check-in systems offer self-service patient check-in KIOSK’s that let patients review and approve their information during check-in.

 

Author

Nathan Bradshaw is a progressive healthcare researcher with access to industry experts, researchers, physicians, legislators, and entrepreneurs to promote technological advancements across the entire healthcare value chain. He is passionate about groundbreaking technologies such as Cloud-Based Systems, Artificial Intelligence, Autonomous Billing, Patient Engagement, Augmented Reality, and the Internet of Things initiatives that can help improve the quality and efficiency of care delivery.

Reader Interactions

Join the Discussion!

Please submit your comment with a real name.

Thanks for your feedback!

Loading Facebook Comments ...
Loading Disqus Comments ...
Shares