EZTexting is a platform that allows organizations to talk to customers via text. Many healthcare organizations use texting platforms to connect and communicate with employees, patients, and other healthcare providers. To do so, however, those within the healthcare industry need to work with platforms that are HIPAA compliant.
In the healthcare industry, sensitive protected health information (PHI) must be safeguarded under HIPAA. A major part of this compliance is working with vendors who will sign a business associate agreement (BAA) and ensure the security of PHI. EZTexting still does not mention a BAA on its website and may not be HIPAA compliant.
EZTexting is SMS marketing software that allows businesses of all sizes to communicate with their customers via text. Short message service (SMS) or text marketing is integral to proper communication. Such messages allow for more intimacy and higher levels of engagement. EZTexting includes full-funnel solutions that businesses can use in conjunction with other platforms and channels to further engage with their audiences.
In the healthcare sector, text messaging can serve various purposes, such as confirming appointments, discussing treatment plans, and sharing patient information among healthcare providers. EZTexting allows covered entities to communicate with their patients en masse and to look for more intimate ways to reach them.
HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates (i.e., vendors) of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A BAA is a written contract between a covered entity and a business associate. It outlines the responsibilities and obligations of each party regarding the handling of PHI. Typical provisions within a BAA include:
The agreement is required by law for HIPAA compliance and is considered the primary factor when it comes to EZTexting and its ability to be HIPAA compliant. EZTexting is a business associate of a healthcare organization if it transmits any PHI, like a name or email address, through a text message.
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. We first mentioned EZTexting in 2020 and found no indication that the company would sign a BAA. A representative further stated, “Mass messaging companies are inherently not HIPAA compliant, unfortunately, but we do work with a lot of offices that only upload phone numbers.”
There is still no mention of a BAA on the EZTexting website, though a healthcare web page does provide information about using SMS texting within the healthcare industry without a BAA. The page reiterates what the representative said about SMS texting and HIPAA while also providing benefits and best practices for medical organizations. One of the frequently asked questions on the web page notes that choosing a HIPAA-compliant SMS platform is one necessary step to keeping PHI secure.
Text messaging can be a great way to communicate individually and collectively. In 2023, we created a HIPAA compliant guide to text messaging to update our ultimate guide from 2021. While HIPAA doesn't explicitly mention texting technology, it does impose rules for protecting sensitive patient data. Many texting tools are available, but not all meet HIPAA requirements for encryption, data backup, and access controls.
EZTexting’s platform security begins by saying, “We take our responsibility as data stewards very seriously.” To that end, the company mentions end-to-end encryption and secure data storage on its healthcare web page. Indeed, EZTexting has its data hosted at Amazon and Google data centers using Amazon Web Services and Google Cloud Platform technology.
Other features include infrastructure management, asset management, network security, physical security, and virus monitors.
The BAA is a necessary component of HIPAA compliance, and EZTexting still does not offer a BAA to its customers or mention the agreement on its website. Conclusion: EZTexting may not be HIPAA compliant.
Healthcare providers know that clear and efficient communication with patients is necessary to run a successful practice. When evaluating a platform’s HIPAA compliance, especially on the cloud, consider the following security needs beyond a BAA: