Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Daily eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!

Emailing and texting patients: how to keep it legal and safe

These days almost everyone uses email, and many people, especially younger people, are comfortable texting as well. According to a 2015 report by the Pew Research Center, text messaging is the most widely used feature of smartphones. The convenience of electronic communications is undeniable. But is it a safe and legal way to communicate with patients?

State regulations vary—so be sure to check the laws in your state—but exchanging emails and texts with patients is allowed under HIPAA, as long as you take a few precautions.

“The patient has to be informed of the risks and give consent,” explains Steven Waldren, physician and director of the American Academy of Family Physician’s Alliance for eHealth Innovation.

In addition, you need to make sure any devices you use to communicate with patients are encrypted. One of the most common sources of privacy breaches is stolen or lost devices (phones, tablets, laptops), says Waldren. If the data on the device is encrypted to HIPAA standards, a lost device is not a violation, so be sure yours are all adequately encrypted. It’s also important to have a policy on file for safe use of communications devices and how employees should report a lost device.

While texting with patients can be HIPAA compliant, it’s still a good idea to use some caution about what you put in those messages. “It’s probably not a problem with colds and that kind of thing,” says Waldren, “but I wouldn’t discuss STIs or mental illness, for example.”

More than privacy

As important as it is to protect patient information, potential problems with texts and emails don’t stop with privacy. Advancing Care Information (ACI—the new incarnation of Meaningful Use) requires continuity of care.

Every patient encounter, where real or virtual, must be documented in the patient’s record, explains Ron Sterling president of Sterling Solutions, a health care information technology consulting firm in Silver Spring, MD. Even though we tend to think of emails and texts as a distressingly permanent record of our every conversation, it is not that easy to keep up with random communication in cyberspace.

A quick email from a patient asking for clarification about what time of day to take a medication might require only a quick answer to satisfy the patient’s concerns. Or a patient might text because he’s worried about a harmless symptom. In both of these cases, the doctor’s response is little more than a confirmation or reassurance that everything’s fine.

Even so, the exchanges must be documented. If you keep a record of all emails and texts to and from patients, you may think you have that covered, but it is surprisingly easy for things to fall through the cracks. Even if the information exists somewhere, it is not a part of the patient’s record if you don’t put it there, and keeping track of all of these email and text threads and making sure they are part of the official documentation may be more than an average practice has time for. 

Beyond the ACI, Sterling points out, a patchwork quilt of messages that can be easily lost in a tangle of back-and-forth emails and texts can compromise patient care. It is probably safest to limit all electronic communications to the portal—that way everything is documented and encrypted.

At least for now

If patients specifically ask for email and text, you can explain that in order to protect their privacy and to keep their health records secure, you prefer to communicate through your patient portal—at least for now.

For some practices, whether and how to use texts and emails may not be an issue, but it probably will be eventually.

“We have an older patient base, and it is rare for a patient to request email communication. When they do, we direct them to the portal,” says Teri Tolbert, compliance and credentialing manager at Norwood Clinic in Birmingham, AL.

This strategy works well for the large multi-practice group. “Even though some older patients needed a little help getting started with the portal, more of them are using it than I expected. They are even requesting appointments through the portal,” Tolbert says.

With older patients getting more tech savvy, and younger generations having never lived in a world that didn’t text and email, this kind of communication may be inevitable. As safety practices and protocols improve, and EHR software evolves to make it easier to incorporate external messages into the record, using texts and emails will likely become less fraught. But for now, it should be done with caution.

Avery Hurt is a freelance writer based in Birmingham, Ala. She often writes about medical economics and the intersection of medicine and social policy.

Editor’s picks:

HIPAA security can fail if the office doesn’t take common-sense precautions

Beware of HIPAA-related text messaging risks

HIPAA is now striking small offices; the first hit is on mobile devices









Try Premium Membership