Texting and HIPAA…

Texting has been happening in healthcare for years. Studies show that over 80% of doctors are already exchanging text messages that include PHI with each other and with patients. The ease with which healthcare providers can communicate using text messaging far surpasses any other means of communication. The problem with traditional texting is that texting patient health information is a HIPAA violation. In fact, if you’re sending PHI, both SMS messaging and email are considered HIPAA violations.

So what makes OhMD HIPAA Compliant?

First of all, it is important to note that there are no definitive guidelines or certifications that are officially recognized to make something “HIPAA Secure”. Rather, HIPAA simply demands compliance with the general rules within it, specifically the Security Rule, the Privacy Rule and the Breach Notification Rule. OhMD supports HIPAA compliance (within the scope of the Business Associate Agreement), but ultimately complying with HIPAA is a shared responsibility between the customer and OhMD. That said, a number of factors, both logistical and technological in nature, go into making OhMD a HIPAA compliant form of communication:


  • Using our app automatically puts a BAA in place, which you can access here.
  • Using OhMD as your secure texting solution segregates communication containing PHI from your other communication platforms (SMS texting, email, etc.).
  • OhMD was designed specifically for healthcare, so we have your workflows in mind. We give you the tools to administer users and their access, control who should be notified of new messages and manage your patient population.
  • Our staff have all completed HIPAA training and treat you and your data with the utmost respect and care.


  • Data is encrypted in transit. OhMD employs TLS RSA with ARIA-256-CBC/SHA-384 for Message Delivery and AES-256 for web service callouts.
  • Data is encrypted at rest. OhMD’s hardware is hosted on the East Coast of the United States by Amazon, utilizing their EC2 HIPAA compliant service, and is encrypted using AES-256. OhMD and Amazon have an executed BAA in place.
  • Account management can be handled by client-side admins and/or by OhMD Support. Access and level of access can be managed per user, and every user needs a unique username and password.


OhMD is a secure communication platform that can be used to text with patients and colleagues without fear of a HIPAA violation based on the underlying infrastructure. As such, OhMD has been certified by the ONC as HIPAA compliant for messaging for Meaningful Use. Additionally, we have a HITRUST Assessment ensuring our information/network security approach complies with all HIPAA and NIST standards.

Still have more questions? Contact Us and let us know!