HIPAA Compliant Messaging Do’s and Don’ts


With the vast majority of Americans using cell phones regularly, text messaging tools are an effective way of communicating with patients and monitoring their health.

Like all forms of healthcare-related communication, it is critical to understand the “rules of the road” when it comes to texting and HIPAA compliance.

While texting has been around for a long time, using this channel to support provider-to-patient communication is relatively new and, frankly, uncomfortable for some given HIPAA-related concerns. That’s why we’ve compiled a list of some of the basic do’s and don’ts to consider when formulating compliant policies and training your team on the best practices for messaging patients.


HIPAA Do’s

  • Implement formal texting policies (including consent guidelines) so that staff and patients understand how this method of contact should be used and its intent.

  • When communicating via text messaging, ensure that the message does not reveal any personal details or delve into the specifics of the treatment or encounter (i.e., does not include protected health information).

  • Remember that this medium is typically used for short-form messaging. Try to keep texts short and straightforward, making sure the “call to action” is clear.

  • If there is a need to send patients treatment-specific instructions, include a web link in the text that takes them to secure content (e.g., a patient portal or secure web application). Make sure that the source you are linking to is mobile responsive; this will ensure a positive patient experience.

  • Understand that HIPAA requires distinctions be made between marketing products and offering advice to patients about their specific conditions. Sending patients refill reminders is not considered to be a marketing practice and could be a helpful way of ensuring that patients are filling their medications. This is particularly important as 1 in 5 prescriptions are never filled. These messages are considered to be a form of treatment though, so it’s important to pay careful attention to the information included in the body of the message.

  • In the cases where just-in-time messaging is required, create texting “templates” for clinicians and staff to utilize. This will not only increase the speed of their responses, but will also give them HIPAA compliant messages to turn to.

  • Use a vendor partner that securely maintains information such as patient interaction history, message delivery status and patient responses.

HIPAA Don’ts

  • Forget to stay cognizant of the language used when communicating with patients via text. It is important to ensure that the message is clear and concise.

  • Use “text speak” or abbreviations that patients may not understand.

  • Underestimate the valuable role that HIPAA compliant text messaging can have when working as part of a care team. When utilized properly, this can be an excellent way of keeping members of the team up-to-date on a patient’s care and status.

  • Forget that photos of a patient’s entire face or similar images are considered to be personal identifiers under HIPAA. To avoid a violation, be cognizant of the type of images that you are sending, and whether or not your texting tool is equipped to send them securely.  

These are just a few strategies to make the transition to texting patients a smoother one for both clients and clinicians. Developing strong texting policies and procedures early in the implementation process will ensure that your organization is compliant and that patients receive timely and relevant messages. To find more information on HIPAA guidelines and how they apply to your practice, consult
