HIPAA compliant email vs HIPAA compliant texting

Emailing is not the primary form of communication amongst younger generations. As a millennial, it’s fair to say that we are always on our phones. Whether we are using them to text, check Facebook, or use Snapchat or Messenger, it’s abundantly clear that we use our phones to quickly send messages to our friends and colleagues. Email still plays a crucial role in the working world today, but it is not the most efficient way to talk to someone. If we want an immediate response, a text message is way more efficient.

How does healthcare come into play?

For starters, most of the time when we want to schedule an appointment with a doctor, we call our local practice, listen to the general voice mail, and eventually talk to a receptionist once the line is free. Once we go in for our appointment, we get a diagnosis and a prescription if necessary, and then go home and tend to our illness. In most situations, after we leave the practice some lingering questions come up that weren’t asked during the appointment. How can we talk to our doctor to get those questions answered? There’s email, but a busy practice will not have the time to sit down at a computer and formulate a response email. They are much more likely to answer a text message quickly in between patients or when there is a short downtime.

Why don’t doctors text message?

They do! But the problem with text messaging protected health information (PHI) over SMS is that it’s not secure. If a doctor is sending PHI over SMS, he/she is in violation of HIPAA and liable for a $50,000 fine. HIPAA was not as much of a big deal until 2003, when the Privacy Rule required compliance. Many practices see the value in texting patients to set up appointments and in educating patients about their ailments. It allows practices to reduce phone tag and the amount of time patients are kept waiting on hold. Communication within the medical field is changing, and text messaging will become an efficient way for people to communicate with their practices.

Making texting HIPAA compliant for Health Professionals and Patients

In this day and age, it seems like everyone has a smartphone. One of the most popular ways to use our smartphones is to text. According to a Gallup Survey, texting is the most popular way of communicating for Americans under the age of 50. With younger generations continuously using their smartphones for communication with friends and family members, it’s a natural progression to begin using text to communicate with their healthcare providers.

Being able to text your local clinician/doctor for simple questions like clarification on prescriptions and dosages is a game changer. This gives you a medium you can consistently refer back to with clear written instructions, and you don’t need to worry about misplacing the prescription itself.  It also provides patients with a great opportunity to get clarification on other instructions and care plans the doctor may have shared during an office visit.  It often happens that you receive so much information in a visit to the doctor’s office that you forget to ask important questions, and OhMD gives patients a tool to get those lingering questions answered quickly and easily.

The logical concern with texting is security. With the new demand for the convenience of texting comes privacy and security concerns.

If you are already in contact with your healthcare provider and are using SMS texting, you are violating HIPAA.

When it comes to HIPAA compliance, texting using the default texting app is not an option. Even though major cellphone carriers offer encryption on data being sent through their servers, text messages remain on the device.

If your phone is lost or stolen, your protected health information (PHI) could be compromised.

In addition to the risk of losing your phone, anyone can access your messaging app if they have access to the contents of your phone. Even if you have a password on your phone, think about all the people you let use your phone to make calls or text themselves so they have your number. All those people could easily access your messages with your healthcare provider.

OhMD not only offers a HIPAA certified texting platform, it’s also free. As a patient you can download and use OhMD for free to communicate with all of your healthcare providers that have the app — your primary care physician, your dentist, your counselor or your home health aide. For patients who are accustomed to having their health data in many different places, this is a welcome change.

Although there are valid concerns regarding HIPAA compliance, texting applications like OhMD offer a secure solution for patients and their care providers to communicate quickly and easily.

HIPAA Compliant Email

The HIPAA history

Why is HIPAA compliant email even a thing? HIPAA. It comes up in healthcare in literally every other conversation. We all triple check to make sure we didn’t spell it wrong in our outgoing emails. If someone were to notice, we would immediately lose credibility points among peers.

On the other side, it’s not easy to ignore when someone uses the old “HIPPA” or the less common “HIPPAA Compliance” spellings. We all cringe when we see it, but it’s hard to look away. Needless to say, it is by far the most widely used acronym in healthcare.

A brief history recap for the uninitiated: The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. But that isn’t when the healthcare industry had to comply with regulations around Protected Health Information (PHI).

That didn’t happen until the Privacy Rule required compliance in 2003. That’s when the glass walls went up in front of receptionists at physician practices and patients started signing HIPAA forms they had never seen before. Practices put together all types of protocols to protect patient health information. While painful at times, it’s been an important transition.

HIPAA compliant email

Few people debate the usefulness of email. In fact, 205,000,000,000 emails are sent daily. Yes – it’s mostly spam – but still, that’s a lot of email!

And as far as the healthcare industry’s use of email, it’s the primary method of communication. But how secure is it to send sensitive patient information over email? Not secure enough.

Prior to HIPAA’s Privacy Rule, using email to discuss PHI wasn’t putting you at risk for a fine. But now, if you use a system that isn’t HIPAA compliant, you’re putting yourself at risk for a $50,000 fine every time you send PHI.

That’s pretty serious.

How does it work?

So the healthcare industry needed a way to retrofit their email solutions to make them HIPAA compliant. The biggest problem here is that everyone uses a different email platform and environment, and you have to be prepared to send and receive emails to and from anyone.

A HIPAA compliant email

If you’ve seen one of these before, you know what we’re talking about.

That’s why HIPAA compliant email is challenging. Most of the products performing this function for hospitals require that an email recipient follow a set of steps to even read the incoming email. This is the set of steps I usually have to take when I’m unfortunate enough to get an email like this.

Step 1: I receive an email that says I have a new message in the HIPAA secure portal. I click a link taking me to a registration page to create my new account to communicate with this specific sender organization.

Step 2: I register with my very own login and password, and now I can see the email that was sent to me.


Just kidding, here are the things you’ll hate about HIPAA compliant email like this:

  1. Every time you log in, you have to remember your username and password.
  2. You get booted out in the middle of a massive email you’ve spent a lot of time writing, only to have to rewrite it.
  3. You can only use each of these secure email accounts to communicate with one organization. Each one has its own.
  4. When you want to write someone an email and didn’t bookmark the URL, good luck finding it.
  5. It’s almost impossible to CC: someone outside of that organization, which makes projects with multiple vendors tough.
  6. It’s an additional 5+ steps every time you want to write or read an email.

So, while it’s important to understand the value of compliance around the communication of personal health information, it’s also important to recognize the additional burden of these types of systems. And when you add that much complexity to a workflow, people tend to fall back on what’s easier, even if it violates the HIPAA email strategy.

Why texting?

So, while texting isn’t necessarily the best medium for all types of communication, it works flawlessly for many conversations. With an app based HIPAA secure texting solution, you can eliminate all the extra steps and get straight to communicating securely.