A Healthcare Practice Guide to Texting Patients

March 4, 2020 by Antonio Arias, MBA, CHBME

Topics: Practice Management, Medical Billing Company

From employees texting bosses to business owners texting customers, many of the unwritten rules and tentative boundaries that once defined who should be texting whom and what accounted for “appropriate” texting behavior have largely fallen away. Overall, that’s a welcome development for most folks who find the convenience, clarity, and quickness of texting preferable to traditional voice-to-voice conversation.

But the healthcare system is a somewhat different story. Mobile texting’s rise in the world of hospitals, medical offices, and medical billing companies has been shakier than in many other industries, thanks to valid, worthwhile concerns over patient privacy and the sensitive nature of healthcare information at large. While not every medical practice has a healthcare texting policy in place, developing clear guidelines can help eliminate confusion and potential liability when it comes to texting patients.

4 Considerations When Texting Patients

Even if your healthcare establishment has a highly limited relationship with health text messages (either because it’s prohibited or only used for patient reminders and alerts), it’s worth revisiting what is and isn’t ok when it comes to texting among doctors, patients, and staff. Keep the following tips in mind whenever you unlock your smartphone to ping someone in your medical practice’s orbit.

Don’t Forget About HIPAA Texting Rules

The HIPAA/HITECH privacy and security rules cover any communications with electronic protected health information (ePHI) – including email, social media, and-yes-text messaging – and violations can earn you fines of up to $50,000. Health text messages without PHI, however, are permitted under HIPAA texting guidelines, even if they mention a patient’s name.

Understand Your Risks

Stay mindful that even non-traditional privacy violations related to texting can put your practice in hot water over HIPAA. After learning doctors at a nursing home had been requesting patient information be sent via text, the CMS intervened with a 10-point remediation plan that required the facility to retrain staff, appoint a HIPAA security officer, and revise its policies and procedures. Notably, they saddled the organization with the compliance program even without evidence that the PHI-loaded messages had ever been viewed by an unauthorized party. The lesson: lock up your texting now, since you don’t even have to “get caught” to get in trouble.

Be Proactive on Security

If communicating PHI via text is vitally important to your practice (due to reasons related to geography, convenience, accessibility, or anything else), then you need to go about it with an eye for hyper-vigilant HIPAA compliance. Contract with a healthcare-specific texting service (more on these platforms in a moment), making certain that their offering meets HIPAA’s minimum requirements, including:

  • A high level of physical security, controls, and ongoing risk assessments for the service’s onsite or offsite data center
  • Encryption of PHI in both ‘in transit’ and ‘at rest’ states of communication
  • Authentication of intended recipient’s receipt
  • Controls enabling all messaging activity to be recorded and/or audited

Think Beyond Patient Health

Don’t forget to stay diligent about all texting communications among your doctors and staff – even those that have nothing to do with patient health. Text messages are highly vulnerable to hacks, data breaches, and plain-old prying eyes – making common-sense caution a huge priority. Instruct your team to never share medical billing details, patient identifiers, or any financial information via SMS. If they do, they’re simply putting the financial health of your practice management (and your patients) at risk.

Understanding SMS Text Marketing

It's no secret that the current generation of consumers is much different than 20 years ago (and even 10 years ago). Regardless of what we’re buying or who we’re engaging with, we want communication to be as quick and easy as possible—and preferably from our mobile devices.

One tactic that has performed exceptionally well across a variety of industries is short message service (SMS) marketing, also known as text message marketing. How well has it performed? Here are some notable stats to give you an idea:

  • 90% of SMS messages are read in the first 3 minutes.
  • 82% of people say they open every text message they receive.
  • 19% of links in text messages are clicked.
  • 70% of customers say SMS is good for businesses to get their attention.
  • 59% of users want their communications function built into the phone, not as a separate app.
  • 45% is the average response rate for SMS.

Many businesses overlook SMS as a platform for communication. But the truth is, many consumers don’t want to log into an app, sift through their emails, or go to a website to get the content they want. And SMS marketing is a very convenient way of meeting your potential customers where they already are.

Many medical practices are already utilizing this convenient platform for scheduling appointments and sending appointment reminders, sending patient-satisfaction surveys, offering promotions or health tips, sending reminders for preventative care, and more. 

When Texting Patients Becomes A Problem

NCG Medical

Convenient as it may be for sending reminders, promotions, and surveys, texting patients can also become an expectation for all areas of their experience with your practice—extending to communication from (and to) their physician.

Imagine this scenario: A patient comes into a dermatologist’s office with a case of contact dermatitis. The dermatologist prescribes a medication for the patient to use throughout the next week. Then the patient informs the physician that they will be vacationing during that time and asks to have the physician’s personal cell phone number in order to send photos for the physician to monitor the condition.

When patients are prompted with texts from the practice for other aspects of their visit (scheduling, reminders, etc.), it’s understandable that they assume the same communication can be done directly between patient and physician.

However, there are some problems with this assumption. First, there are HIPAA texting regulations to consider. Under the HIPAA Security Rule, physicians and other entities covered by HIPAA must conduct a risk assessment to determine how the privacy and security of protected health information (PHI) could be compromised when it is communicated electronically.

Secondly, most physicians (regardless of specialty) are just plain busy throughout the day seeing other patients. They’d rather not be bothered with texting patients throughout the day. 

Choosing the Best HIPAA Compliant Texting App

So if patients expect (or just prefer) texting as a method of communication with their physicians, what can be done to provide a good compromise? One of the most manageable options is to select a HIPAA texting compliant patient-communication platform that works well for your practice.


OhMD is a widely used platform that offers HIPAA texting compliant two-way messaging, live web chats, file delivery, reminders, broadcasts, and more. It helps with streamlining patient follow-ups, addressing health concerns, and scheduling future visits, as well as securely sending photos and links with sensitive patient information. It also prevents physicians from feeling like they need to give out cell phone numbers or reply to messages after hours—OhMD allows for automated messages to be sent directly via text. No need for patients to download an app, sift through emails, or dig up a buried voicemail to find important information from their physician.

DocsInk Messenger

Another top choice for HIPAA texting compliant secure messaging is DocsInk, which is used by thousands of healthcare professionals every day. DocsInk Messenger offers consult requests with accept/decline options, broadcast messaging, a rapid-response page feature, video chat and conferencing, secure document sharing within a compliant cloud, public and private group tags, user-based privileges, and other helpful features to facilitate day-to-day internal and patient communication. This tool works well with surgical facilities, hospitals, primary care clinics, home health companies, multi-specialty clinics, and more.


TigerConnect provides centralized data and communications on a single platform. It’s mobile-friendly with 99.99% uptime and real-time patient data. And with annual audits from the HITRUST Alliance to ensure the highest standards of security, patients and providers can rest assured sensitive data is kept completely safe. The TigerTouch® feature provides an easy, secure way to communicate with patients, family members, and primary care physicians, with the ability to exchange care instructions, photos, videos, and other important medical documents.

Is Your Healthcare Texting Policy Up to the Task?

Even if your healthcare practice doesn’t plan to utilize SMS text marketing or send health text messages to your patients, it’s a good idea to have a policy in place that clarifies how you intend to handle issues that may arise. All it takes is one person in your office to send a text message to expose your practice to HIPAA texting violations. By clearly outlining your policy on texting patients, you can protect your practice (and your patients’ health information) and ensure everyone is following the same procedures when it comes to health text messages.


For more ways to help your medical practice thrive, contact NCG Medical now or view our other helpful blog articles today!



Subscribe to Our Blog

Stay in-the-know on trends, best practices, and news affecting the medical billing industry!