Health Information Compliance Alert

Published on Mon Jul 21, 2014 PDF

Question: If we wanted to start sending text message notifications to patients just regarding that a statement is now available for viewing, how would that play into the HIPAA rule? What do we need to do in terms of compliance if we’re not really providing patients with any information other than the fact that a statement is available for viewing?

Answer: “That’s a perfect example of the kind of information that you should be allowed to communicate via text message,” says Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems, LLC in Charlotte, VT. But this situation does indicate that you have a patient-provider relationship with the individual, which is considered protected health information (PHI) under HIPAA.

What to do: You should ask the patient’s permission to have that text-message communication, Sheldon-Dean advises. You need to ask the patient whether he is okay with text communications, advising him that the text messaging is not secure so the message itself could be exposed. “But obviously, it’s a very minimal kind of risk,” he notes.

And generally, patients will most likely agree to receiving these types of text messages. “I don’t think you even necessarily have to have a copy of a written signature, so long as you have a documented conversation for something that simple and straightforward,” Sheldon-Dean recommends. “I think that would be a reasonable thing to do.”