How to Text PHI with Patients and Stay Compliant

The following is a guest blog post by Jim Higgins, Founder & CEO at Solutionreach. You can follow him on twitter: @higgs77

Did you know that 73 percent of Americans say it is difficult to reach them by phone? In fact, Americans ignore 337 calls each year and that number is rising. Even if you leave a message, chances are high no one will ever hear it—80 percent of people report that they don’t even bother leaving a voicemail anymore because they don’t believe it will get listened to. More and more, phone calls are seen as invasive, outdated, or ineffective. Instead, people prefer to communicate via modern methods such as text message.

Texting Reigns as Favorite Communication Tool

We all know that pretty much everyone with a cell phone texts friends and family regularly. What is less well-known is that people would like to extend their texting habits to their healthcare provider. According to the 2017 Patient-Provider Relationship Study, 60 percent of patients want text reminders. Seven out of ten patients say they would like text communication beyond just reminders as well. It’s not just millennials. Around half of baby boomers also prefer text messages.

Unfortunately, many practices have shied away from texting or emailing patients through unsecured channels, wary of running into compliance issues. This is especially true when it comes to texting patients when those messages may include protected health information (PHI).

In fact, I suspect that if you were to poll a group of healthcare workers concerning the legality of sending PHI through unsecured text message, you would probably get answers all along the spectrum. Yes, no, maybe so? Many just don’t know.

Last March, at the HIMSS health IT conference Roger Severino, Director of the US Department of Health and Human Services Office for Civil Rights (OCR), the HIPAA enforcement agency, clarified the confusion.  According to Severino, providers may share PHI with patients through unsecure text messages as long as they have informed their patient that texting is not secure, asked for permission, and documented that consent.

“I think it’s empowering the patient, making sure that their data is as accessible as possible in the way they want to receive it, and that’s what we want to do.” Severino said.

Implementing Texting in a Compliant Way

This announcement was a big deal. Patients want to text you…and they want you to text them back. You significantly increase the value you offer to patients simply by giving them this option. So how does the implementation of Severino’s suggestions look in practice? Let’s say that you receive a text message from a patient named Mary asking you for some health-related information. In response, you can send something like this: “Hi Mary. I would love to chat with you more about your health. Text message is not a secure way to do that. Would you still like to continue this conversation?” If you are the one to initiate the conversation, you can send a similar message requesting permission before continuing.

Once Mary agrees and you document that permission, you are then allowed to continue the conversation without concern of violation. A key piece to remember here is that it is important that you make sure your patients are aware that texting is not secure. Then, if the patient feels uncomfortable communicating via that channel, you should move the conversation to a secure method such as a phone call, secure patient portal, or in-office visit. Remember—you are required to make patients aware of unsecured communication and receive authorization before discussing PHI on an unsecured channel.

As one final best practice, always include an opt-out message. Even if a patient has given consent in the past, you must always offer the option to discontinue the communication. This means that it is best to include a message such as “Reply STOP to opt-out” in your text messages.

In summary, if a healthcare provider would like to share PHI with a patient through regular, unsecured text messages, they must first:

  • Inform the patient that texting is not secure
  • Receive permission from the patient to continue
  • Document the patients’ consent
  • Offer an opt-out option

If you are not yet texting with patients (or only sending basic text reminders), this is a critical time to make a change. There is no other form of communication that has such a high level of adoption and engagement. Texting improves the health outcomes for patients as well as the financial outcomes for practices. With this recent clarification of policy by compliance officials, we can expect that the use of text will continue to grow dramatically as we move into the future.

Solutionreach is a proud sponsor of Healthcare Scene. As the leading provider of patient relationship management solutions, Solutionreach is dedicated to helping practices improve the patient experience while saving time for providers and staff.

About the author

Guest Author

1 Comment

  • You can text with OHmd and they are HIPAA compliant.

    OhMD allows for HIPAA compliant texting between patients and their doctors/practices by using a technology they know and understand.

Click here to post a comment
   

Categories