IN BRIEF

Texting Patients and HIPAA Compliance

July 1 2025 Marty Kotlar

By Marty Kotlar DC, CPCO, CBCS

When shopping for a text-messaging platform vendor, it is crucial to consider Health Insurance Portability and Accountability Act (HIPAA) guidelines and standards that protect patients’ health information. Ensure the texting platform uses end-to-end encryption to protect data during transit and storage.

Can the platform implement robust user authentication mechanisms to prevent unauthorized access? Is it able to provide and maintain detailed logs of all communication activities and track access, changes, and user interactions?

The texting platform should store data securely, preferably on HIPAA-compliant servers. Make sure the vendor will sign a business associate agreement (BAA) with you, establishing their HIPAA compliance responsibility.

Lastly, educate your employees about HIPAA regulations and best practices for handling patient information on the texting platform. It’s essential to consult qualified professionals to ensure your texting platform adheres to HIPAA requirements and protects privacy effectively.

When using a messaging platform, it is crucial to consider protected health information (PHI), which includes any information that can identify an individual and is related to their health condition, treatment, or payment for healthcare services. You can do several things to ensure your office follows the rules and keeps patient information secure. Let’s dive into some of those best practices now.

Minimize patient details: Avoid including identifying patient details in text messages. Be cautious about the information you share and limit it to what is necessary for communication, reducing the risk of unauthorized access or disclosure of patient information.

Use secure messaging platforms: Choose platforms that encrypt the content of your text messages. These platforms provide an extra layer of protection for sensitive information, ensuring it remains secure during transmission.

Implement two-factor authentication: Use it for added security, along with unique user IDs and credentials, to control access to the texting platform.

Obtain patient consent: Before sending any confidential information via text message, obtain explicit patient consent. Ensure that patients understand the risks involved and give informed consent to communicate their health information through text messages. Note that appointment reminders are considered part of the treatment of an individual and, therefore, can be made without authorization.

Patient records: Text messages that contain clinical information should be treated and documented like a telephone call in which medical information is relayed or requested. Text messages should not contain discussions, opinions, or comments that would not be included in the medical record.

Train your staff: Provide comprehensive training on privacy and security protocols. Educate them on the importance of safeguarding patient information and the necessary steps to ensure compliance when using text messages for communication.

Business associate agreement: Select a service provider willing to sign a business associate agreement (BAA) to ensure they adhere to HIPAA regulations.

Auditing protocols: Implement auditing controls, perform regular audits to monitor and track users’ access, and ensure that only authorized individuals can access the PHI.

Documentation: Implement policies and procedures that outline acceptable and unacceptable use of the messaging platform. Perform and document regular audit processes for the messaging platform.

These guidelines are crucial for safeguarding patient confidentiality and preventing potential HIPAA violations when using messaging platforms as a communication method.


Marty Kotlar, DC, CPCO, CBCS, is the president of Target Coding. Over the past 15 years, Target Coding has helped hundreds of healthcare providers with compliance as it relates to billing, coding, documentation, Medicare, and HIPAA. Dr. Kotlar is certified in compliance, a certified coding specialist, a contributing author to many coding and compliance publications, and a guest speaker at many state association conventions. He can be reached at 800-270-7044, or visit TargetCoding.com, or [email protected]. Email [email protected] for a complimentary billing and coding and HIPAA compliance consultation.