A Healthcare Practice's Guide to Texting Patients

March 19, 2021 by Antonio Arias, MBA, CHBME

Topics: Practice Management, Medical Billing Company


From employees texting bosses to business owners texting customers, many of the unwritten rules and tentative boundaries that once defined who should be texting whom and what accounted for “appropriate” texting behavior have largely fallen away. Overall, that’s a welcome development for most folks who find the convenience, clarity, and quickness of texting preferable to the traditional voice-to-voice conversation.

But the healthcare practice system is a somewhat different story. Mobile texting’s rise in the world of hospitals, medical offices, and medical billing companies has been shakier than in many other industries, thanks to valid, worthwhile concerns over patient privacy and the sensitive nature of healthcare information at large. While not every practice has a medical texting policy in place, developing clear guidelines for texting medical information can help eliminate confusion and potential liability when it comes to messaging patients.


Why Medical Texting is on the Rise


Regardless of what we’re buying or who we’re engaging with, modern consumers want communication to be as quick and easy as possible—and preferably from mobile devices.

One tactic that has performed exceptionally well across a variety of industries is short message service (SMS) marketing, also known as text message marketing. How well has it performed? Here are some notable stats to give you an idea:

  • 90% of SMS messages are read in the first 3 minutes.
  • 82% of people say they open every text message they receive.
  • 19% of links in text messages are clicked.
  • 70% of customers say SMS is good for businesses to get their attention.
  • 59% of users want their communications function built into the phone, not as a separate app.
  • 45% is the average response rate for SMS.

Many businesses overlook SMS as a platform for communication. But the truth is, many consumers don’t want to log into an app, sift through their emails, or go to a website to get the content they want. And SMS marketing is a very convenient way of meeting your potential customers where they already are.

Many medical practices are already utilizing this convenient platform for scheduling appointments and sending appointment reminders, sending patient-satisfaction surveys, offering promotions or health tips, sending reminders for preventative care, and more. However, if you think the stats above are not representative of the healthcare field, here are some to prove otherwise:

  • 75% of millennials think that text is a helpful way to receive appointment reminders.
  • 30% of people who have visited the dentist in the last 2.5 years say that text messages are their preferred method of appointment reminder, making it the most popular response.
  • It takes 90 minutes for a response to an average email and only 90 seconds for a response to an average text message. Switching from email to text messaging increases your communication efficiency by 6000%.

Considering that a whopping 97% of Americans use text messaging, it’s safe to say that the vast majority, if not all, of your patients use texting daily. If your healthcare practice isn’t sure whether to adopt texting patient information, then you at least can be confident that your competition will.

Texting medical information is becoming the first choice for sending secure information, according to a survey of 770 hospital professionals and 1,279 physician practices, which found that 85 percent of hospitals and 83 percent of physician practices are using secure communication platforms. And, considering that 64% of people prefer text over voice as a customer service channel, you don’t want your lack of texting to be a competitive edge for others.

5 Considerations When Texting Patients

Even if your healthcare practice has a highly limited relationship with health text messages (either because it’s prohibited or only used for patient reminders and alerts), it’s worth revisiting what is and isn’t ok when it comes to texting among doctors, patients, and staff. Keep the following tips in mind whenever you unlock your smartphone to ping someone in your medical practice’s orbit.

Don’t Forget About HIPAA Texting Rules

The HIPAA/HITECH privacy and security rules cover any communications with electronic protected health information (ePHI), including email, social media, and text messaging. Violations can earn you fines of up to $50,000. Health text messages without PHI, however, are permitted under HIPAA texting guidelines, even if they mention a patient’s name.

Understand Your Risks

Stay mindful that even non-traditional privacy violations related to medical texting can put your practice in hot water over HIPAA. After learning doctors at a nursing home had been requesting patient information be sent via text, the CMS intervened with a 10-point remediation plan that required the facility to retrain staff, appoint a HIPAA security officer, and revise its policies and procedures. Notably, they saddled the organization with the compliance program even without evidence that the PHI-loaded messages had ever been viewed by an unauthorized party. The lesson: lock up your texting now, since you don’t even have to “get caught” to get in trouble.

Be Proactive on Data Security

If communicating PHI via text is vitally important to your practice (due to reasons related to geography, convenience, accessibility, or anything else), then you need to go about it with an eye for hyper-vigilant HIPAA compliance. Contract with a healthcare-specific texting service (more on these platforms in a moment), making certain that their offering meets HIPAA’s minimum requirements, including:

  • A high level of physical security, controls, and ongoing risk assessments for the service’s onsite or offsite data center.
  • Encryption of PHI in both ‘in transit’ and ‘at rest’ states of communication.
  • Authentication of intended recipient’s receipt.
  • Controls enabling all messaging activity to be recorded and/or audited.

Remember To Ask For Consent

When it comes to texting medical information to patients, you must have their consent first and foremost. Failing to ask consent will place you in strict violation of the Telephone Consumer Protection Act (TCPA), which can carry serious fines for those who fail to comply. Patients cannot verbally consent for you to begin texting patient information to them; your healthcare practice must have written consent from any patient before messaging begins. Whether through a paper or electronic form, your patients must put it in writing that they consent to text messaging from your health practice.  

Think Beyond Patient Health

Don’t forget to stay diligent about all texting communications among your doctors and staff – even those that have nothing to do with patient health. Text messages are highly vulnerable to hacks, data breaches, and plain-old prying eyes – making common-sense caution a huge priority. Instruct your team to never share medical billing details, patient identifiers, or any financial information via SMS. If they do, they’re simply putting the financial health of your practice management (and your patients) at risk.

HIPAA Texting Rules to Be Aware Of


Any text message that contains a patient’s protected health information (PHI) must adhere to HIPAA regulations. Here are the texting regulations your healthcare practice needs to be aware of to ensure patient privacy and security - while also avoiding fines. 

Manage who is Authorized to Access PHI when Texting

According to HIPAA regulations, healthcare organizations are required to securely manage who has the privilege and right to access, edit, and distribute sensitive data information. This includes establishing procedures and policies for managing who has access to patient data. While the kind of access software, controls, and systems is up to each healthcare practice, the HIPAA Security Rule requires the following safeguards:

Unique User IDs

All people with access to PHI texting must have a unique user identification name or number for tracking. Secure text messaging requires authorized users to use a unique ID to send, receive, and access any HIPAA-compliant text messages.

Emergency Access Procedures

Covered entities must have the proper workflows to access PHI in the event of an emergency. This includes determining who should be granted access to PHI in emergency situations. 

Automatic Logoff

Users with a secure text messaging platform must be automatically logged off after a period of inactivity. This prevents any unauthorized usage of PHI while someone’s device is still open.  

Text Message Encryption

All secure text messaging must be encrypted to prevent unauthorized access. Both the receiver and sender must have the proper encryption requirements for text messages containing PHI in transit and at-rest.

Implement Audit and Reporting Controls 

HIPAA requires that all healthcare practices that are texting patient information implement audit controls and reporting processes to review and document any PHI activity. This allows any risks that may affect PHI software security to be identified and analyzed. These controls apply to any secure text messaging platform that sends and stores messages containing PHI on organizational or personal computers and mobile devices.

Maintain PHI Integrity

Healthcare practices must ensure that no PHI is improperly altered or destroyed during texting. If any sensitive patient information is accidentally or intentionally changed by human error or a technical failure, then the PHI is compromised. HIPAA requires that technical safeguards be in place to ensure that PHI is not at risk of being compromised during secure text messaging.

Provide Proof of Identity 

HIPAA texting rules dictate that all users accessing PHI must authenticate their identity. Authentication methods may include: 

  • Multi-character passwords.
  • Smart card, key, or token.
  • Biometric identifiers, such as voice pattern or facial recognition.

These authentication credentials are required for both patients and the healthcare professionals sending HIPAA-compliant text messages.

Choosing the Best HIPAA Compliant Medical Texting App

So if patients expect (or just prefer) texting as a method of communication with their physicians, what can be done to provide a good compromise? One of the most manageable options is to select a HIPAA texting compliant patient-communication platform that works well for your practice.


OhMD is a widely used platform that offers HIPAA texting compliant two-way messaging, live web chats, file delivery, reminders, broadcasts, and more. It helps with streamlining patient follow-ups, addressing health concerns, and scheduling future visits, as well as securely sending photos and links with sensitive patient information. It also prevents physicians from feeling like they need to give out cell phone numbers or reply to messages after hours—OhMD allows for automated messages to be sent directly via text. No need for patients to download an app, sift through emails, or dig up a buried voicemail to find important information from their physician.

DocsInk Messenger

Another top choice for HIPAA texting compliant secure messaging is DocsInk, which is used by thousands of healthcare professionals every day. DocsInk Messenger offers consult requests with accept/decline options, broadcast messaging, a rapid-response page feature, video chat and conferencing, secure document sharing within a compliant cloud, public and private group tags, user-based privileges, and other helpful features to facilitate day-to-day internal and patient communication. This tool works well with surgical facilities, hospitals, primary care clinics, home health companies, multi-specialty clinics, and more.


TigerConnect provides centralized data and communications on a single platform. It’s mobile-friendly with 99.99% uptime and real-time patient data. And with annual audits from the HITRUST Alliance to ensure the highest standards of security, patients and providers can rest assured sensitive data is kept completely safe. The TigerTouch® feature provides an easy, secure way to communicate with patients, family members, and primary care physicians, with the ability to exchange care instructions, photos, videos, and other important medical documents.

Challenges of Texting in Healthcare—And What to do When Texting Patients Becomes A Problem

Convenient as it may be for sending reminders, promotions, and surveys, texting patients can also become an expectation for all areas of their experience with your practice—extending to communication from (and to) their physician.

Imagine this scenario: A patient comes into a dermatologist’s office with a case of contact dermatitis. The dermatologist prescribes a medication for the patient to use throughout the next week. Then the patient informs the physician that they will be vacationing during that time and asks to have the physician’s cell phone number to send photos for the physician to monitor the condition.

When patients are prompted with texts from the practice for other aspects of their visit (scheduling, reminders, etc.), it’s understandable that they assume the same communication can be done directly between patient and physician.

However, there are some problems with this assumption. First, there are the above-mentioned HIPAA texting regulations to consider. Under the HIPAA Security Rule, physicians and other entities covered by HIPAA must conduct a risk assessment to determine how the privacy and security of protected health information (PHI) could be compromised when it is communicated electronically. Secondly, most physicians (regardless of specialty) are just plain busy throughout the day seeing other patients. They’d rather not be bothered with texting patients throughout the day. 

By developing a comprehensive healthcare texting policy that is easily accessible for patients, your healthcare practice can easily share your risk mitigation strategies and standard procedures for texting medical information. This includes sharing with patients the security measures your healthcare practice has in place to adhere to HIPAA texting rules as well as any other measures. By doing so, your healthcare practice can better mitigate some of the challenges with texting health information with patients and instead reap the benefits.

Is Your Healthcare Texting Policy Up to the Task?

Even if your healthcare practice doesn’t plan to utilize SMS text marketing or send health text messages to your patients, it’s a good idea to have a medical texting policy in place that clarifies how you intend to handle issues that may arise. All it takes is one person in your office to send a text message to expose your practice to HIPAA texting violations. By clearly outlining your policy on texting patients, you can protect your practice (and your patients’ health information) and ensure everyone is following the same procedures when it comes to health text messages.

And, if your healthcare practice needs any guidance concerning guidelines of patient text messages, billing best practices, and practice management, please reach out to the experts at NCG Medical. Our team would be happy to help your medical practice navigate the complexities of medical billing, practice management, HIPAA compliance, and more so you can improve your revenue cycle management and focus on delivering stellar patient care!

For more ways to help your medical practice thrive, contact NCG Medical now or view our other helpful blog articles today!


