New Texting Policies and HIPAA: What You Need to Know

texting patient information policy

Texting can raise concerns with privacy, confidentiality, and security. That’s why as recently as 2018, the Centers for Medicare and Medicaid Services (CMS) had a clear stance on texting patient information: avoid it.

But in February 2024, CMS made a clarification to HIPAA compliance rules; and their new guidelines affect anyone who needs to remain HIPAA compliant. Their new position?

“Texting patient information and the texting of patient orders among members of the health care team is permissible, if accomplished through a HIPAA compliant secure texting platform (STP) and in compliance with the Conditions of Participation (CoPs).”

In short, you can text patient information. You just need to use methods that meet the CoP standards for maintaining clinical records, HIPAA standards for data security, and the more recent standards established by the HITECH Act.

What This Means for Care Providers

Over the past few years, there have been significant improvements in both the encryption capabilities and the application interface capabilities of texting platforms. In that time, texting has become exceedingly well suited to transferring electronic health records.

That opens up a huge range of possibilities for providers. Because texting can be a much faster, more reliable, and more efficient way to collect and communicate patient data. Everything from client intake forms to HIPAA release forms can be streamlined.

But it’s mission critical to remain HIPAA complaint — the penalties for failing to do so range from millions in files to jail time.  

How You Can Remain Compliant When Texting Patient Information

The data security provisions for HIPAA compliance are comprehensive, and including the need for administrative policies, physical protections, and a variety of technical controls to safeguard patient data. Relevant data needs to be identified, risk assessments need to be done, and best practices for IT must be followed. Ensure all systems are compliant with the requirements of the HITECH Act and HIPAA, and they are following the Conditions of Participation (CoPs).

All of that is easier with FormDr. With a few clicks, you can create and distribute a consent form, an intake form, a medical release form, or just about any other medical form you can imagine. From collecting insurance information to distributing automated appointment reminders, we can help ensure your online interactions remain completely HIPAA compliant.

Our online form builder makes creating and distributing any HIPAA form as simple as a few clicks, and our text message invitation system is among the easiest and most accessible way to deliver HIPAA compliant patient intake.

Taking full advantage of these new texting policies requires the right tools. If you need to create, send, or receive HIPAA compliant forms, learn more about how we can help.