Is texting patients a HIPAA violation?
Blog post from Courier
Texting patients is not inherently a HIPAA violation, provided the messages do not contain protected health information (PHI) or are sent through a secure, HIPAA-compliant platform under a business associate agreement (BAA). The core principle is to separate notifications from sensitive data by sending alerts such as "Your results are ready, sign in to view them" without disclosing PHI in the text itself. Compliance involves ensuring content is minimal and generic, obtaining necessary consents under both HIPAA and the Telephone Consumer Protection Act (TCPA), and using secure platforms that support encryption and audit logging. Additionally, the system must be registered for application-to-person texting under A2P 10DLC in the US to avoid message delivery issues. By adhering to these guidelines, healthcare providers can safely and effectively communicate with patients via text without violating privacy regulations.