Considerations for Texting PHI


Today it is increasingly important for physicians and providers to be quickly reachable and accessible regarding their patient’s care.  Text messaging is considered to be the fastest and most effective means of sending information in a given situation.



It is important for providers to understand the rules and regulations they must abide by to still be in compliance with HIPAA and other regulations. 


Both the Joint Commission and CMS have gone back and forth on their guidance and allowance of text messaging in health care.  They have both previously released statements that the use of text messages in health care is prohibited due to security and privacy concerns.  However they have both since then changed their positions to permit text messaging, provided a secure messaging platform is used. 


With this being said, both the Joint Commission and CMS have placed bans on sending orders for patient care through text messages.  Texting orders from a provider to a member of the care team is not allowed.


Health care organizations which utilize text messaging, must use and maintain text messaging systems and platforms that are secure.  This means that the following must be in place:

  • There must be encryption in place for the transmission of messages

  • The risks to confidentiality, integrity, and availability of Protected Health Information (PHI) must be assessed and minimized

  • Procedures must be Implemented that routinely assess security and integrity of texting platforms utilized


Important consideration: If text messages are used to make decisions about patient care, then patients may be subject to the rights of access and amendment of those messages.  Therefore, the practice must consider how those messages will be placed in the medical record.  If the practice can not provide patients with access to such text messages, and deny patient’s their right of access and amendment, then the organization will face noncompliance with the Privacy Rule of HIPAA.


Some important controls for practices to consider for having a text messaging platform in place include:

  • Policies and procedures for text messaging communications

  • Employee training

  • Password protection and encryption of devices

  • Inventory of devices utilizing this form of communication

  • Proper sanitization of devices as appropriate

  • Annotation in the medical record with any PHI transmitted via text



It is seen now by many that text messages are essential for effective communication between care members.  While it can benefit patient care in many ways, it is important for health care providers to consider the controls that need to be in place for proper compliance and to protect patient’s privacy and security.


If you find this information to be useful, please subscribe to our blog here.