Member and patient communications have transformed over the course of the digital age. The rise in smartphone adoption and usage across all generations has enabled more seamless communication opportunities for providers and payers with their patients and members. Using digital communication features specific to smartphones like apps, email, and text messages, it should be easier now than ever to share information between members and patients and their doctors and health plans. However, the quickest and most efficient way to get in contact with a patient or member, via text message, may not be as easy as the rest. Messages that have Protected Health Information (PHI) and other sensitive health data cannot be sent over simple text messages, due to HIPAA compliance rules and regulations.

Luckily, we are here to help. Plans and providers can leverage a HIPAA compliant texting platform to communicate and engage with their member and patient populations without privacy and compliance concerns.

The Relay Feed, a HIPAA compliant mobile communication channel, leverages text messaging to a secure, browser-based scrolling feed for patient and member engagement. Relay partners with leading healthcare payers and providers to drive important member and patient actions that impact cost of care, cost to serve, and overall health outcomes. Click below to see the Relay Feed in action!  

This blog post breaks down everything you need to know about HIPAA compliant texting.

Let’s start with the basics.

HIPAA compliant texting refers to secure text messaging practices that adhere to the guidelines set forth by the Health Insurance Portability and Accountability Act (HIPAA). Most SMS messages are not HIPAA compliant, so it is important to understand the guidelines before moving forward with a text messaging program for patients and members. The guidelines are designed to protect sensitive patient information, ensuring that communications between all parties: providers and health plans, providers and patients, or health plans and members, are encrypted, secure, and not accessible by unauthorized parties.

The primary regulations around HIPAA compliant texting include:

If you would like more information or guidance on all of the regulations and requirements for HIPAA compliant texting, see the U.S. Department of Health and Human Services Office for Civil Rights website.

In healthcare, protecting patient data is not only a regulatory requirement but also critical to maintaining trust. HIPAA compliant texting enables payers and providers to communicate efficiently with patients, streamline workflows, and enhance patient care, all while safeguarding the privacy and security of health information.

And members and patients are on board. In fact, according to McKinsey, the healthcare industry continues to earn the trust of consumers, with 44 percent of surveyed consumers indicating they are willing to voluntarily share personal and health data with healthcare organizations—more than double the rate for technology or retail organizations.

Additionally, 92% of patients expect personalized reminders and messages from healthcare providers. Personalization through digital tools not only increases engagement but also helps drive better health outcomes by keeping patients informed and involved in their care​.

With the increased willingness of patients to share data, and their desire for plans and providers to use that data for communication and engagement, HIPAA compliant texting is a viable solution to enable that personalized experience.

HIPAA compliant texting is necessary whenever PHI is shared or discussed and there is data included that is linked to a personal identifier. Personal identifiers include things like: name, birthday, phone number, account number, and email address. As best practice, it is important to follow the outlined rules and regulations like encryption, access controls, consent capture, secure devices, multi-factor authentication, audit controls, and remote wipe capabilities.

Messages that can be sent using HIPAA compliant texting include, but are not limited to: appointment reminders, specific care instructions, test results, billing information, and patient consultations. Below is an example text message calling out the specific components that require it to be HIPAA compliant.

Example of a HIPAA Compliant Text Message

Learn how Relay’s unique security positioning, including HIPAA compliance, SOC-2 compliance, and HITRUST certification, enables healthcare payers and providers to share even more information within the secure feed. See a Relay Feed for yourself by clicking the link below.

STEP 1: Start by identifying a HIPAA compliant text messaging platform, like Relay, that provides the necessary security features like encryption, access control, and audit trails. The platform must offer the following features to be considered HIPAA compliant: patient or member consent capture and opt-out procedures, messages must be encrypted at transit and at rest, only authorized users should have access to patient or member information and should undergo continuous training to maintain compliance, detailed logs must be maintained for audit purposes, and remote wipe capabilities are available.

STEP 2: Once you’ve chosen your platform, sign a Business Associate Agreement (BAA) with them that outlines their responsibility in protecting PHI.

STEP 3: As part of the implementation, make sure to outline clear policies for relevant staff and users so that they understand when and how they can use HIPAA compliant texting to outreach to patients and members. Training includes but is not limited to: understanding policies around the type of information that can be shared via text, understanding the risk associated with sharing PHI via text messages, maintaining strong internal password policies, and ensuring safeguards and phone encryption.

STEP 4: Once up and running, maintaining compliance is critical. Monitor communications and review audit trails to ensure that everything is HIPAA compliant. As regulations evolve and change, ensure that the platform you are using is staying up to date on those changes to remain compliant.

As mentioned previously, the Relay Feed is fully HIPAA compliant and HITRUST certified, providing the highest level of security for our customers. To quote one of our health payer clients:

The implementation steps above are what we have seen working with our own clients, but they are not all encompassing. For further guidance on identifying and implementing a HIPAA compliant texting solution, go to the U.S. Department of Health and Human Services Office of Civil Rights website for more comprehensive information.

There are many benefits to using HIPAA compliant texting, some of which are highlighted below. These benefits are categorized by the patient and provider relationship as well as the healthcare payer and member relationship.

Meeting Members Where They Are Today

Healthcare lags behind other industries in digital adoption. For context, McKinsey research found that digital adoption in healthcare sits at roughly 55% while digital adoption in banking sits around 90%. Patients and members expect the same modern, convenient communication methods from their healthcare providers and payers just like they experience in other industries. According to Pew Research, 97% of Americans own a cell phone of some kind, regardless of demographic, so the obvious place to start is on mobile devices. HIPAA compliant texting offers healthcare payers and providers the opportunity to catch up with other industries in terms of their digital adoption offerings while meeting consumers where they are today.

Making Communication and Engagement Seamless

Additionally, consumers today respond negatively to friction points like log ins and downloads. According to a Deloitte consumer study, 55% of consumers have stopped using a website because the login process was too complex and 92% of users will leave a website instead of recovering or resetting their login credentials. HIPAA compliant texting allows member and patients to receive and review health information without having to log in or download anything, making it easy and effective to use.

To conclude, HIPAA compliant texting is a critical component for healthcare organizations that aim to modernize communication while maintaining the highest standards of privacy and security. As patients increasingly expect personalized and convenient communication, leveraging a secure platform ensures that sensitive health information is always protected. Whether it’s appointment reminders, care instructions, or claims updates, HIPAA compliant messaging not only enhances patient engagement but also helps healthcare providers and payers reduce operational costs and maintain compliance with regulations. By adopting secure texting solutions, like Relay, healthcare organizations can foster trust, improve health outcomes, and drive long-term engagement. Ready to take the next step in patient communication? Explore how HIPAA compliant texting can transform your outreach strategy.

To learn more about how Relay can help with your member engagement, reach out to sales@relaynetwork.com

To experience a Relay Feed right on your phone, click the button below: