Page 1

Remaining HIPAA Compliant While Utilizing Electronic Communication in Healthcare

Technological advancements in electronic communication, primarily emails and SMS (Short Message Service) text messages have not only changed the way communications are received, but how business is done. From major corporations to small companies, emails and text messages have innovated marketing in industries across the board. Healthcare providers are now turning to these forms of communication as a way not only to remind their patients are upcoming appointments, but to engage in research studies, medical condition management and advertising. With healthcare’s growing integration of text messaging and emails in their services, there has also been concern of HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule compliance. In the following document HIPPA compliance in relation to these forms of communication (email and text messaging) will be discussed. What is HIPPA? HIPPA or the Health Insurance Portability and Accountability Act was enacted in 1996 by Congress to provide individuals security for the privacy of their health information and limit the opportunities for this information to be unnecessarily disclosed. The rules cover PHI (Protected Health Information) which includes: •

The person’s physical/mental health condition currently, in the past or in the future.

The person’s current, past and future healthcare payment amount and type.

Any identifying information such as name, date of birth, Social Security and address.

How is HIPAA compliance maintained? To maintain HIPPA compliance healthcare providers must uphold certain best practices to safeguard PHI, such as: •

Limit who can view and access PHI as well as have in place protocols and programs to protect the information.

Engage in administrative, technical and physical best practices to limit information disclosure.

What does this mean for electronic communication? When HIPAA was created in 1996, electronic communication was not as common as it has become over a decade later. The original act was not created with these forms of communication in mind and has not been modified to distinctly reflect these trends since. As these mediums rise in popularity, a certain level of ambiguity still remains when discussing HIPAA’s position on this subject and is still in many cases up to the provider’s discretion and best judgment. That being said, precautions still need to be upheld to protect the individual and fulfill basic HIPAA regulations. Under the Privacy Rule, individuals have to right to approve or deny a health care provider’s alternative communication method (i.e. email and text messaging). If an individual (patient) initiates the communication with the provider through electronic means, the provider can assume that electronic communications are acceptable to the individual. The provider also has the right inform the individual of the possible risks of electronic communication and let them decide whether or not to continue receiving them. The key in both situations is to limit risk of sensitive PHI being released. Providers need to protect themselves by 1) limiting the amount of PHI in the message 2) confirming the phone number or email of individual 3) encrypting the data if possible. Both emails and text messages propose the risk of having the message sent to the wrong person or be intercepted while en route. Phone numbers and emails should always be confirmed before any PHI is sent. While encryption seems like an ideal way to ensure privacy, newer iPhones and Android smart phone devices do not support encrypted text messages and third party applications may need to be enabled for individuals to receive encrypted emails. Privacy statements should be included informing the recipient of the potential risk of email or text message communication and who to contact if this message was sent to the work address or number. For more information visit us at

Remaining HIPAA Compliant While Utilizing Electronic Communication in Healthcare  
Remaining HIPAA Compliant While Utilizing Electronic Communication in Healthcare  

With the ubiquity of emails and text messages in everyday life, more and more healthcare providers are turning to these alternatives forms o...