As technology continues to evolve, so do the ways in which dental practices communicate with their patients. Text messaging has become a popular method of communication, providing convenience and efficiency for both patients and dental staff. However, it is crucial that any communication is done in a secure and HIPAA-compliant manner.
Our team of HIPAA experts outlines the steps dental practices should take to ensure their text messaging communications are secure and compliant. By following these guidelines, dental practices can use texting as an effective tool for patient communication while maintaining the privacy and security of their protected health information (PHI).
Obtaining more compliant patient communication can be summarized into three crucial steps. First and foremost, dental offices must obtain informed, written consent from all patients before communicating with them via text messaging. Once you’ve received permission, you can proceed with the following steps.
- Use a secure/encrypted text messaging platform to communicate with the patients.
- Obtain informed, written consent from all patients before communicating with them over the texting platform.
- Suppose the patient doesn’t want to use that type of platform. In that case, the office should obtain written consent from the patient spelling out that they understand they are requesting you send information via an unsecured method and that their information could be at risk/exposed.
- Encrypt all employee devices via PIN code/method of authentication for phone access.
- Create a BYOD (Bring Your Own Device) policy for any personal devices being used by staff.
- Integrate Mobile Device Management (MDM) software when using cell phones and other portable media to have the ability to encrypt, track, and wipe information.
How to make sure your texting platform is HIPAA compliant:
Selecting a text messaging platform can be overwhelming. Here are our top 5 things to look out for when weighing your options.
- The platform used for texting has access controls, where only employees who need to see a patient’s PHI have access.
- There are audit logs for the platform, so there are records of who signed in, when they signed in, and what they accessed/what functions were performed.
- The platform/texting is encrypted
- There is a log-in and log-off requirement to send texts (unlike SMS texting).
- Integrity controls/policies are in place for the use of the platform
What is appropriate to text?
Rather than a black-and-white list of things that can and cannot be texted, it is best practice to follow these 2 simple steps when communicating with patients via text messaging. This is of course only after you have signed authorization.
- Avoid disclosing PHI.
- Use the “minimum necessary” rule for patient care.
Text messaging has become a convenient tool for dental practices and patients alike. By following the guidelines above, dental practices can ensure that they are communicating in a secure and HIPAA-compliant way. At HIPAA Secure Now, protection is our top priority. We are passionate about empowering our clients to make secure, informed decisions that make the day-to-day easier for them. Thank you for your continued business and reach out if you have any questions.