Email and Texting

Posted by Thomas Davon on

This is a digital age and people are no longer finding it easy having one-on-one appointments just to get certain information from their physicians. There are currently different means to send information to a patient as a health care provider. Because of the age and times we are, patients are increasingly demanded that they be communicated with via electronic channels such as emailing and texting. If that is the channel a patient chooses to be reached through, then as a health care provider it is your responsibility to comply. However, Health Insurance Portability and Accountability Act (HIPAA) under its Security Rules requires a health care provider who is a Covered Entity (CE) when sending an electronic Protected Health Information (ePHI) to the patient concerned must first confirm that the channel is a secured one before sending the ePHI. Also, a health care provider must be certain that the information to be sent via the channel will be delivered to the patient.


It should be noted that the Health Insurance Portability and Accountability Act (HIPAA) Security Rules explains that health information only becomes a Protected Health Information once it reaches a Covered Entity (CE). What this means is that a patient may choose an unsecured channel to send his or her health information via texting or emailing. That information sent to a Covered Entity (CE) becomes a PHI once the CE receives it. The information sent to a health care provider by a patient through an unsecured means is automatically protected by the Health Insurance Portability and Accountability Act (HIPAA) once it reaches the health care provider who is a CE.


It is important that a health care provider uses communication mechanisms that allows for the implementations of all the necessary Security Rule safeguards. This is because of the increasing access people have to information online. A health care provider operating an Electronic Health Record (HER) system can decide to create patient portals where a patient would require login password and username to gain access to any information in the portal. The health care provider may also use email systems that encrypt messages.


Leave a comment

Please note, comments must be approved before they are published