Rivas Goldstein, LLP

Call Our Austin Office: 800-761-5190

Celebrating Our 20th Year Representing the Interests of Health Care Professionals and Entities

An Austin Firm Dedicated to
Health Care Law

Attorneys Image
  1. Home
  2.  → 
  3. Health & Health Care Law
  4.  → When is texting patient information a violation of HIPAA?

When is texting patient information a violation of HIPAA?

In the era of instant digital communication, texting has become a common method for sharing information quickly. However, for healthcare professionals, the transmission of patient data via text raises questions about compliance with the Healthcare Insurance Portability and Accountability Act (HIPAA).

It is important for medical professionals to understand the role of HIPAA in communications like sending patient information to another physician for a referral, seeking advice on a diagnosis, communicating a prescription to a pharmacist, or simply updating a patient. The Centers for Medicare and Medicaid Services (CMS) recently sent a memo with clarification on compliance in these matters. Although the agency prefers medical professionals use computerized order entry for patient health information, it will permit incorporation of texting in certain circumstances.

How do these circumstances apply to your practice? The following guidance can help.

Texting patient data to colleagues

When texting patient data for referrals or medical advice, HIPAA compliance is non-negotiable. These tips can better ensure you are on the right side of compliance:

  • Use secure, encrypted messaging platforms that meet HIPAA standards
  • Verify that the recipient is authorized to receive protected health information (PHI)

By implementing these precautions, medical professionals can minimize the risk that collaboration will be viewed as a violation of HIPAA regulations.

Texting pharmacies and patients

The communication of prescription information to pharmacists and updates directly to patients also demands adherence to HIPAA’s strict privacy rules. It is important to obtain explicit patient consent for text communications and limit the amount of PHI disclosed to the minimum necessary.

Texting patient data within the healthcare community can be compliant with HIPAA, provided that appropriate security measures are in place. It is the responsibility of healthcare providers to utilize secure texting solutions and to establish clear, HIPAA-compliant protocols for digital communication. A failure to comply with HIPAA guidelines when texting patient data can have significant legal consequences for healthcare professionals and trigger a board investigation that could threaten the integrity of your medical or professional license.

Attorney John Rivas is responsible for this communication.