HIPAA Compliant Texting: Are You Doing It Right?

Simple Ways to Ensure Your Hospital or Clinic’s SMS Text Messages are Satisfying HIPAA and PHI Compliance

Most healthcare providers are aware that the best intentions can occasionally result in disaster. Sending SMS text messages—to colleagues or patients—is a prime example. Did you know that violating rules for HIPAA compliant texting can result in fines of $50,000 to $1.5 million per occurrence?

Yes, that’s per occurrence. And think about it: How easy is it to have multiple SMS conversations that include multiple text messages?

How can you take advantage of using text messaging to provide better healthcare but still be HIPAA compliant? Here are some guidelines.

No Texting Means No PHI or HIPAA Violations

The easiest way to ensure you are sending HIPAA compliant text messages is to just not send non-personal text messages to patients or colleagues.

More specifically, that means refrain from sending anything that would be considered protected health information (PHI) by the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA’s complete list of what makes something PHI is lengthy, but the general idea is that it includes any written or visual information an unauthorized third party could use to identify a patient, including:

• Names (including family members)

• Addresses

• Dates

• Phone and fax numbers

• E-mail addresses

• Website and IP addresses

• Social Security numbers

• Medical record numbers

• Photographs

• Biometrics (such as fingerprints)

Not accepting or discouraging text messages from patients is another way to ensure HIPAA compliance.

This guidance may be overstating the obvious, but the reality is our mobile phones have become such common and convenient parts of our personal and professional lives, it’s tempting to use them. That desire might be even greater at smaller clinics where staff and patients may feel more comfortable exchanging their mobile phone numbers.

Use HIPAA-Compliant Communication Platforms for Texts…and e-Mail, too

If your hospital or clinic is compelled to use text messaging to improve patient engagement and outcomes—either to communicate with patients or for staff to communicate internally—it’s crucial that you are using secure, HIPAA-compliant text message platforms and servers from providers.

The same rules and penalties for HIPAA compliant texting apply for e-mail too, which is another convenient way to communicate with smartphones. Your hospital or clinic can take advantage of using e-mail to engage with patients if you are using secure, HIPAA-compliant technologies and protocols.


As Sequence Health’s Central/Western Regional Director, Chris Stearns is one of our key healthcare IT experts.

Sequence Health is a cloud-based technology and services company that improves profitability and patient outcomes for hospitals and practices through end-to-end patient engagement solutions backed by clinical and non-clinical teams. Its HIPAA-compliant, SaaS platform improves care team workflows, automates patient communication and tracks patient progress to optimize the patient journey. Since 2004, leading healthcare providers have trusted Sequence Health to help acquire, manage and engage patients through complex episodes of care.
