Text messaging is one of the most effective ways companies can communicate with clients. In fact, as of May 2020, SMS open rates are amongst the highest in the marketing mix and account for 99% of messages opened and 95% opened and responded to within the first three minutes of being delivered. While having a text messaging marketing plan as part of an overall marketing strategy might sound obvious based on these statistics, key decision-makers in the healthcare space need to make absolutely sure they are not violating HIPAA rules when it comes to using these services. In this blog, we’ll go over one such provider, EZTexting, and discover whether or not it is HIPAA compliant.
What is EZTexting?
EZTexting is an SMS marketing software that allows businesses of all sizes to communicate with their customers via text which allows for more intimacy and high levels of engagement. In the world of healthcare, EZTexting would ideally allow covered entities to mass communicate with their patients. Additionally, EZTexting includes full-funnel solutions that businesses can use in conjunction with other platforms and channels to further engage with their audience.The business associate agreement and HIPAA compliance
A business associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity . If a business associate handles, stores, or in any way uses PHI for a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance. There is no indication in EZTexting's public documentation that it will sign a BAA with customers.Is EZTexting HIPAA compliant?
While you might feel that EZTexting holds the key to some of the most effective marketing practices that any marketing platform could provide, it is important to note that the service is not HIPAA compliant, and using it to transmit PHI could result in hefty fines from HIPAA violations . When asked whether EZTexting is HIPAA compliant, a representative stated the following:Mass messaging companies are inherently not HIPAA compliant, unfortunately, but we do work with a lot of offices that only upload phone numbers.
Although EZTexting will not sign a BAA and has clearly stated that it is not HIPAA compliant, some covered entities choose to work with them anyway for patient scheduling and other administrative tasks. But remember, if you decide to communicate with patients via EZTexting, this associates an individual’s phone number with your practice. Under some legal interpretations, just a name or phone number when coupled with a text message coming from a healthcare provider is PHI, so this can open you up to some serious consequences and major HIPAA fines . While the Federal Communications Commission (FCC) does place stringent rules on the length, frequency, and content of mass text messaging, it is possible for text messaging platforms to be HIPAA compliant if they have the proper technical safeguards in place and are willing to sign a BAA. In this regard, EZTexting is incorrect in its conclusion that “mass messaging companies are inherently not HIPAA compliant.” Covered entities and business associates are better off using a HIPAA compliant texting service that will sign a BAA and has the required level of encryption and security for communicating PHI. Conclusion: EZTexting is not compliant.