Providers and Text Messaging

Studies show that over 80% of providers send text messages that include PHI to colleagues and patients. The ease by which healthcare providers can communicate using text messaging far surpasses any other means of communication. That said, not all texting is HIPAA compliant. This can lead to the common misconception that no texting is HIPAA compliant.

In actuality, by adhering to cardinal rules and using a HIPAA compliant texting platform, healthcare professionals can steer clear of HIPAA violations to provide quality patient care.

HIPAA compliant email vs messaging

How can OhMD be used in compliance with HIPAA?

It is important to note that there are no definitive guidelines or certifications that are officially recognized to make a product “HIPAA Secure”. Rather HIPAA simply demands compliance with the general rules within it, specifically the Security Rule, the Privacy Rule and the Breach Notification Rule. OhMD supports HIPAA compliance (within the scope of the Business Associate Agreement) but ultimately complying with HIPAA is a shared responsibility between the customer and OhMD.  That said, there are a number of factors that enable HIPAA compliant communication on OhMD that are both logistical and technological in nature:


  • By using the OhMD applications, an automatic BAA is put in place which can be accessed here.
  • Using OhMD as your patient communication solution segregates communication containing PHI from your other communication platforms (SMS texting, email, etc.).
  • Organizations are required to gain documented (dated and time stamped) patient consent to communicate via SMS (not 100% secure). Most practices accomplish this through patient consent forms.
  • OhMD combines secure video, calling, SMS, and encrypted-chat (through encrypted SMS links) to give each organization all the tools they need depending on how they operate.
  • OhMD was designed specifically for healthcare, so we have built the service with your workflows in mind.  We give you the tools to administer users and their access, control who should be notified of new messages, and manage your patient population.
  • Our staff has completed HIPAA training — we treat your data with respect and care.


  • OhMD employs TLS RSA with ARIA-256-CBC/SHA-384 for Message Delivery and AES-256 for web service callouts.
  • Data is encrypted when at rest.  OhMD’s hardware is hosted on the East Coast of the United States by Amazon utilizing their EC2 HIPAA compliant service and encrypted using AES-256.  OhMD and Amazon have an executed BAA in place.
  • Account management can be handled by client-side Admins and/or by OhMD Support.  Ability to access and level of access can be managed per user with all users needing unique usernames and passwords.


OhMD is a healthcare communication platform that can be used to text with patients and colleagues. With patient consent, OhMD can be part of a HIPAA compliant approach to patient communication. We have a HiTrust Assessment ensuring our information/network security approach complies with all HIPAA and NIST standards.

Have more questions?  Feel free to email us: