Can you send texts about refill reminders and be HIPAA compliant?

Yes, providers can use HIPAA compliant text messaging to send refill reminders directly to patients.

 

HIPAA and text messaging

The Health Insurance Portability and Accountability Act (HIPAA) mandates that providers uphold the privacy and security of protected health information (PHI). 

According to the HHS explanation on the HIPAA Privacy Rule and refill reminders, sending refill reminders is permissible as it falls under HIPAA's "treatment" category. 

However, since text message refill reminders can contain PHI, providers must use a HIPAA compliant texting platform, like Paubox, to maintain regulatory compliance. 

 

How to send HIPAA compliant texts

  • Obtain patient consent: Providers must ask patients to consent to receiving texts with PHI. When getting patients’ authorization, providers must inform them about the potential risks and benefits of using HIPAA compliant text messaging.
  • Use a secure messaging platform: Providers must choose a HIPAA compliant text message platform with advanced security measures, including access controls, encryption, and audit logs. The platforms limit PHI access, so only authorized individuals can view or access it.
  • Sign a business associate agreement (BAA): For a messaging platform to be HIPAA compliant, it must be willing to enter a BAA acknowledging its role in protecting patient PHI. If the platform won’t sign a BAA, it is not HIPAA compliant, placing the healthcare organization at risk of data breaches and fines for non-compliance.
  • Provide an opt-out: Patients must be given an option to opt out of HIPAA compliant texts, respecting their privacy and communication preferences.

Go deeper: Best practices for patient communication with Paubox texting

 

FAQs

What makes a text message HIPAA compliant?

Providers must use a HIPAA compliant text messaging platform, which uses encryption, access controls, and authentication measures to protect patient privacy.

Additionally, providers must obtain explicit patient consent, limit the PHI included in messages, and train staff to send HIPAA compliant text messages.

 

Can HIPAA compliant texts include images or attachments?

Yes, Paubox texting automatically encrypts images and attachments, protecting PHI during transmission and at rest.

 

Can providers use personal phones for HIPAA compliant texting?

Using a personal phone can be risky unless providers use a HIPAA compliant texting solution. Paubox ensures that all text communications are encrypted and HIPAA compliant, making it safe to send patient information.
