Can you send texts about refill reminders and be HIPAA compliant?

Yes, providers can use HIPAA compliant text messaging to send refill reminders directly to patients.

HIPAA and text messaging

The Health Insurance Portability and Accountability Act (HIPAA) mandates that providers uphold the privacy and security of protected health information (PHI). 

According to the HHS explanation on the HIPAA Privacy Rule and refill reminders, sending refill reminders is permissible as it falls under HIPAA's "treatment" category. 

However, since text message refill reminders can contain PHI, providers must use a HIPAA compliant texting platform, like Paubox, to maintain regulatory compliance. 

How to send HIPAA compliant texts

• Obtain patient consent: Providers must ask patients to consent to receiving texts with PHI. When getting patients’ authorization, providers must inform them about the potential risks and benefits of using HIPAA compliant text messaging.
• Use a secure messaging platform: Providers must choose a HIPAA compliant text message platform with advanced security measures, including access controls, encryption, and audit logs. The platforms limit PHI access, so only authorized individuals can view or access it.
• Sign a business associate agreement (BAA): For a messaging platform to be HIPAA compliant, it must be willing to enter a BAA acknowledging its role in protecting patient PHI. If the platform won’t sign a BAA, it is not HIPAA compliant, placing the healthcare organization at risk of data breaches and fines for non-compliance.
• Provide an opt-out: Patients must be given an option to opt out of HIPAA compliant texts, respecting their privacy and communication preferences.

Go deeper: Best practices for patient communication with Paubox texting

FAQs

What makes a text message HIPAA compliant?

Providers must use a HIPAA compliant text messaging platform, which uses encryption, access controls, and authentication measures to protect patient privacy.

Additionally, providers must obtain explicit patient consent, limit PHI, and train staff to send HIPAA compliant text messages.

Can HIPAA compliant texts include images or attachments?

Yes, Paubox texting automatically encrypts images and attachments, protecting PHI during transmission and at rest.

Can providers use personal phones for HIPAA compliant texting?

Using a personal phone can be risky unless providers use a HIPAA compliant texting solution. Paubox ensures that all text communications are encrypted and HIPAA compliant, making it safe to send patient information.