Sending email and text message appointment reminders is hugely popular, for both provider and patient. By default, however, the HIPAA does not allow this activity because it involves Protected Health Information (PHI) being sent to an unsecured environment. Fortunately, a patient can override this HIPAA restriction.
Like so many other areas in healthcare, patients themselves can authorize just about anything, receiving information via unsecured email and text included. The HIPAA acknowledges receiving information via email and text is extremely convenient, and that patients will often prefer this method of communication from their healthcare providers. Obtain patient authorization and your good to go.
The email authorization
Authorization should go well beyond a single sentence buried somewhere within an intake form, it must be informative and comprehensive.
An email authorization form should include:
- Risks associated with transmitting information using email or text, such as:
- E-mail can be immediately broadcast worldwide and be received by unintended recipients
- E-mail senders can easily misaddress an e-mail
- Employers and on-line services have a right to archive and inspect e-mails transmitted through their systems
- E-mail can be intercepted, altered, forwarded, or used without authorization or detection
- E-mail can be used to introduce viruses into computer systems
- E-mail can be used as evidence in court
- Conditions of using email or text, such as:
- All e-mails to or from the patient concerning diagnosis or treatment will be saved as part of the medical record
- The Practice may forward e-mails internally to the Practice’s staff and agents as necessary for diagnosis, treatment, reimbursement, and other handling
- If the patient’s e-mail requires or invites a response from the Practice, and the patient has not received a response within a reasonable time period, it is the patient’s responsibility to follow up to determine whether the intended recipient received the e-mail and when the recipient will respond
- The patient is responsible for protecting his/her password or other means of access to e-mail
- It is the patient’s responsibility to follow up and/or schedule an appointment if warranted
- Instructions to communicate by email, such as:
- Inform the Practice of changes in his/her e-mail address
- Put the patient’s name in the body of the e-mail
- Review the e-mail to make sure it is clear and that all relevant information is provided before sending to the Practice
Be sure to have a system in place to handle patients who choose not to utilize email and text messages. Remember, the patient decides if it's okay to send appointment reminders, not your practice.