How to Create HIPAA-Compliant SMS Appointment Reminders
The world we live in is a busy one. Our calendars are filled with notes: work hours, social plans, important events, and yes, appointments too. It can be hard to keep track of everything, and it can come as a great relief to have a trusted source you can rely on to remind you of vital medical appointments you can't afford to miss. Receiving these reminders by text, where you will be most likely to see them in real-time, can make all the difference especially with hard to get appointments.
Of course, SMS appointment reminders are valuable for medical organizations too. Appointment reminders increase attendance, which can increase revenue and scheduling efficiency—not to mention patient compliance.
At the same time, the Health Insurance Portability and Accountability Act (HIPAA) outlines certain regulations for appointment-related texts that must be followed to preserve patient privacy and minimize your legal liability. Understanding those regulations will enable you to create HIPAA-compliant SMS appointment reminders with confidence.
HIPAA Regulations for Text Message Appointment Reminders
The first question many healthcare providers ask is, "Are SMS appointment reminders even allowed under HIPAA?" The answer is yes. The Department of Health and Human Services officially states that text reminders are considered part of the treatment process and do not require special authorization to implement.
The next question is, “What HIPAA regulations apply to the contents of appointment reminders sent by text?” The key is to avoid giving more information than necessary to jog the patient's memory.
Do NOT include the following information in an SMS appointment reminder:
- The patient's name
- The physician's specialty
- The patient's diagnosis
- Details about the treatment plan
So what should an SMS appointment reminder include? At the very least, it should contain the appointment date and time, the physician's name, and instructions for canceling or modifying the appointment if necessary. This might mean including a phone number the patient can call for help, a link to an online appointment scheduling portal, or keywords they can use to change their appointment via text.
Composing HIPAA-Compliant SMS Appointment Reminders
It can be a little tricky to strike a good balance between HIPAA compliance and giving enough context to ensure text reminders make sense to their recipients.
First, let's take a look at two examples of SMS appointment reminders that need some improvement:
Susan Jones has an appt w/ Dr. Liu @ GetWell Gynecology at 3 PM on Mon 3/12 to discuss birth control. Reply Y to confirm or N to cancel.
This example gives away too much private information and would not be considered HIPAA-compliant for several reasons.
- Including the patient's name isn't permitted. Additionally, it is unnecessary as the recipient will have opted-in to text alerts using their phone number.
- Including the organization's name is also prohibited as it indicates the doctor's area of expertise.
- This text also includes specific details about the reason for the patient's visit, which is an especially egregious violation.
Reminder: appt at CityHealth at 3 PM. Confirm or cancel?
This example represents the opposite extreme: it is HIPAA-compliant but does not contain enough information to be helpful to a potentially forgetful patient.
- The organization name is acceptable to include from a HIPAA standpoint but is so broad that the patient may not remember what the appointment is for—particularly if they have more than one upcoming visit at this location.
- This text indicates the time but not the date. Even if the reminder is sent on the day of the appointment, it is important to include the date for those patients who may have difficulties with their memory.
- Simply asking "Confirm or cancel?" does not clearly indicate how the patient should respond in order to complete either action.
So what does a good HIPAA-compliant SMS reminder look like?
You have an appt w/ Aditya Singh @ 1:30 PM on Tue 6/17. Please arrive 10 min early for check-in. Text Y to confirm or call [phone number] to change/cancel.
This text is both compliant and an effective appointment reminder for the following reasons:
- Using "you" in place of a name protects patient privacy while maintaining a somewhat personal touch.
- Using the doctor's name helps a patient to remember which appointment this reminder is for without giving away unnecessary, sensitive details about the nature of the visit.
- Including both the date and time is key for ensuring attendance.
- There's always room for a polite touch, even in an automated text.
- Special instructions, like asking a patient to arrive early, are also helpful to include and won't constitute a breach of privacy.
- The instructions for how the patient can confirm or modify the appointment are clear and precise enough that even patients new to texting should be able to understand them.
Following HIPAA guidelines is critical both for your patients' health and wellbeing and for your peace of mind. However, it is not the only consideration that must be taken into account when crafting text reminders for medical appointments.
It is vital, for example, to have patients specifically opt-in to receive text messaging notifications before sending any SMS appointment reminders. Being aware of general best practices for text messaging with customers is key to using SMS reminders to your (and your patients') best advantage—and for health organizations in particular.
Additional SMS Best Practices for Protecting User Privacy
The best way to protect user privacy while ensuring the efficacy of your reminders is to choose an SMS provider and platform that facilitates both.
Look for a platform that includes features such as data encryption and automatic archiving. The former will help protect both patient and responder privacy on a technical level. The latter provides you with a clear audit trail to promote accountability and minimize legal liability.
The ideal SMS delivery platform will also make it as easy as possible to compose and send your HIPAA-compliant SMS appointment reminders to the right people at the right time. Automation, audience segmentation, and unlimited keywords are all useful functions for setting up an appointment reminder system that works. An extended character count, meanwhile, can be beneficial for composing more human-friendly texts that will help set patients' minds at ease about their upcoming appointments.