Paubox blog: HIPAA compliant email made easy

Can patients opt out of text messages containing PHI?

Written by Liyanda Tembani | July 21, 2023

Patients' ability to request restrictions on using text messages for communicating their protected health information (PHI) under HIPAA is a nuanced topic. HIPAA grants patients certain rights regarding their PHI, but it does not explicitly address the use of text messages for communication. However, according to the FCC's Telephone Consumer Protection Act, recipients can opt out of text messages at any time. 

 

HIPAA and patient rights

HIPAA grants patients certain rights concerning the use and disclosure of their PHI. These rights include the right to access their medical records, the right to request corrections to inaccurate information, and the right to request restrictions on the use and disclosure of their PHI.

Related: What are HIPAA right of access provisions?

 

Text messages and PHI communication

Providers often find text messaging convenient for sending appointment reminders, test results, and general inquiries. However, the nature of unencrypted text messages raises potential security and privacy concerns when transmitting PHI. Text messages can be vulnerable to interception or unauthorized access. 

However, there are HIPAA compliant text messaging solutions that are willing to sign a Business Associate Agreement, making texting messaging compliant with HIPAA regulations.

Related: The guide to HIPAA compliant text messaging 

 

HIPAA's position on text message communication

Covered entities must implement safeguards to protect patient information when sending text messages that contain PHI.

HIPAA allows covered entities to determine appropriate security measures based on specific circumstances. The focus is on implementing measures that ensure the privacy and confidentiality of PHI, regardless of the communication medium used.

 

Accommodating patient requests

Healthcare organizations must accommodate patients' requests to opt out of receiving text messages for PHI communication. Healthcare providers must consider their policies, offer alternatives, and always ensure the privacy and security of patient information. 

When a patient requests a restriction on using text messages for communicating their PHI, healthcare providers should engage in a dialogue to understand the patient's concerns and explore alternative communication methods. Providers must be willing to accommodate such requests by using secure alternatives. 

 

Alternatives for secure communication

To ensure the privacy and security of PHI, healthcare providers can offer alternative methods of communication. HIPAA compliant emails or secure messaging applications are alternatives that mitigate the risks associated with unencrypted text message communication. These methods provide additional safeguards, such as authentication and encryption, to protect PHI during transmission and storage.

Patients can discuss their communication preferences and concerns regarding PHI with their healthcare providers to identify the most suitable method that meets both parties' needs. Providers can educate patients about the security measures for each communication method and the benefits of using secure alternatives.

 

Balancing patient preferences and HIPAA compliance

While patients may desire the convenience of text message communication, providers must prioritize protecting PHI. Providers must offer secure communication options and open dialogue with patients to find solutions that meet patient preferences while ensuring HIPAA compliance.

Healthcare organizations can also address patient concerns by implementing policies and procedures that guide the appropriate use of text messages for PHI communication. This can include training staff on secure communication practices, implementing encryption technologies, and establishing clear guidelines on when and how text messaging can be used for sharing PHI.

 

Ensuring HIPAA compliance in text message communication

Healthcare providers can take steps to ensure compliance when using this medium. This includes:

  • Using secure messaging platforms that offer encryption
  • Developing policies and procedures for secure text message communication
  • Obtaining written consent from patients for text message communication
  • Training staff on the proper handling of PHI through text messages