EZTexting is a platform that allows organizations to talk to customers via text. Many healthcare organizations use texting platforms to connect and communicate with employees, patients, and other healthcare providers. To do so, however, those within the healthcare industry need to work with platforms that are HIPAA compliant.
In the healthcare industry, sensitive protected health information (PHI) must be safeguarded under HIPAA. A major part of this compliance is working with vendors who will sign a business associate agreement (BAA) and ensure the security of PHI. EZTexting still does not mention a BAA on its website and may not be HIPAA compliant.
What is EZTexting?
EZTexting is SMS marketing software that allows businesses of all sizes to communicate with their customers via text. Short message service (SMS) or text marketing is integral to proper communication. Such messages allow for more intimacy and higher levels of engagement. EZTexting includes full-funnel solutions that businesses can use in conjunction with other platforms and channels to further engage with their audiences.
In the healthcare sector, text messaging can serve various purposes, such as confirming appointments, discussing treatment plans, and sharing patient information among healthcare providers. EZTexting allows covered entities to mass communicate with their patients and look for more intimate means to reach them.
Is EZTexting considered a business associate?
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates (i.e., vendors) of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a written contract between a covered entity and a business associate. It outlines the responsibilities and obligations of each party regarding the handling of PHI. Typical provisions within a BAA include:
- Permitted uses and disclosures of PHI
- Safeguards for protecting PHI
- Reporting and mitigation of security incidents
- Compliance with HIPAA regulations
- Dispute resolution and termination clauses
The agreement is required by law for HIPAA compliance and is the primary consideration when assessing whether EZTexting can be HIPAA compliant. EZTexting is a business associate of a healthcare organization if it transmits any PHI, like a name or email address, through a text message.
EZTexting and the BAA
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. We first mentioned EZTexting in 2020 and found no indication that the company would sign a BAA. A representative further stated, “Mass messaging companies are inherently not HIPAA compliant, unfortunately, but we do work with a lot of offices that only upload phone numbers.”
There is still no mention of a BAA on the EZTexting website, though a healthcare web page does provide information about using SMS texting within the healthcare industry without a BAA. The page reiterates what the representative said about SMS texting and HIPAA while also providing benefits and best practices for medical organizations. One of the frequently asked questions on the web page notes that choosing a HIPAA-compliant SMS platform is one necessary step to keeping PHI secure.
EZTexting, text messaging, and data security
Text messaging can be a great way to communicate individually and collectively. In 2023, we created a HIPAA compliant guide to text messaging to update our ultimate guide from 2021. While HIPAA doesn't explicitly mention texting technology, it does impose rules for protecting sensitive patient data. Many texting tools are available, but not all meet HIPAA requirements for encryption, data backup, and access controls.
EZTexting’s description of its platform security begins, “We take our responsibility as data stewards very seriously.” To that end, the company mentions end-to-end encryption and secure data storage on its healthcare web page. EZTexting's data is hosted at Amazon and Google data centers using Amazon Web Services and Google Cloud Platform technology.
Other features include infrastructure management, asset management, network security, physical security, and virus monitors.
Is EZTexting HIPAA compliant?
The BAA is a necessary component of HIPAA compliance, and EZTexting still does not offer a BAA to its customers or mention the agreement on its website. Conclusion: EZTexting may not be HIPAA compliant.
Understanding HIPAA compliance
Healthcare providers know that clear and efficient communication with patients is necessary to run a successful practice. When evaluating a platform’s HIPAA compliance, especially on the cloud, consider the following security needs beyond a BAA:
- Technical safeguards: Mitigate risks associated with cyber threats, hacking, malware, and other security incidents with strong technical safeguards. Tools such as perimeter defenses (e.g., firewalls) and HIPAA compliant email are equally vital for extra protection.
- Employee training: Ensure all staff members have up-to-date knowledge of HIPAA regulations and best practices. Regular training sessions can help prevent unintentional, employee-related breaches.
- Regular audits: Perform periodic assessments of all systems and processes to ensure that they remain compliant. Adapt to any changes in regulations or technology.
- Data access controls: Implement stringent controls, such as multifactor authentication, on who can access PHI and under what circumstances.