What You Need to Know About HIPAA Appointment Reminders
One of the primary reasons why the United States government passed the Health Insurance Portability and Accountability Act (HIPAA) was to encourage the use of new technology in the healthcare field by establishing rules to protect the privacy of patients. A key aspect of HIPAA relates to the security of data regarding patient records and other vital information that should remain private under federal law.
If you work in a healthcare office, you may be wondering if text messages, emails, automated voice calls and other forms of communication are acceptable as a means to remind patients of upcoming appointments under HIPAA.
The answer is yes. The Health and Human Services (HHS) department has stated that appointment reminders are allowed under the HIPAA Privacy Rule (see here).
Of course, please keep in mind that we are not lawyers and cannot give official legal advice.
HIPAA Appointment Reminders Content
The Department of Health and Human Services has officially stated that phone calls, text messages and emails are all effective and legal ways to communicate with patients regarding their upcoming appointments under HIPAA requirements. Reminding patients about appointments that they may have made days, weeks or months before is critical to providing patients with timely care and to the efficient operation of the medical office. HHS understands this importance.
When sending text, voice and email appointment reminders, it is important to realize that someone other than the intended party may see or hear the message. Because of this, you should take care not to include detailed notes about the appointment, diagnosis, or treatment plans. Apptoto's default message templates comply with this and include only:
- Date and time of appointment
- Provider name and company
- Location of appointment
The message templates that Apptoto uses can be customized easily. Some providers have chosen to use their initials in place of their name or business name in the reminder messages to further protect the privacy of their patients, but this is not required.
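The minimum-content rule above can be enforced mechanically when an office customizes its templates. The following is an added example, not Apptoto's code: it allowlists the three reminder fields listed above, rejects any template that references other appointment data (diagnosis, notes, reason), and optionally swaps the provider name for initials. The appointment record and its field names are constructed for the example.

```python
from string import Formatter

# Allowlist of placeholders a reminder template may reference: the same
# minimum-necessary fields the article lists (date/time, provider, location).
ALLOWED_FIELDS = {"date", "time", "provider", "company", "location"}

# Constructed sample appointment record (field names are assumptions).
# It deliberately carries fields a reminder must never expose.
SAMPLE_APPOINTMENT = {
    "date": "2024-05-14",
    "time": "10:30",
    "provider": "Dr. Ana Lopez",
    "company": "Riverside Family Clinic",
    "location": "Suite 200, 12 Main St",
    "reason": "follow-up after lab results",
    "notes": "discuss medication change",
}

DEFAULT_TEMPLATE = (
    "Reminder: appointment on {date} at {time} with {provider} "
    "({company}), {location}."
)

def template_fields(template: str) -> set:
    """Return the placeholder names a str.format-style template uses."""
    return {name for _, name, _, _ in Formatter().parse(template) if name}

def disallowed_fields(template: str) -> set:
    """Placeholders in the template that fall outside the allowlist
    (this also catches positional {0} and attribute-style {provider.x})."""
    return template_fields(template) - ALLOWED_FIELDS

def render_reminder(template: str, appt: dict, use_initials: bool = False) -> str:
    """Render a reminder, refusing templates that reference non-allowlisted
    fields. use_initials replaces the provider name with initials, as some
    offices choose to do."""
    bad = disallowed_fields(template)
    if bad:
        raise ValueError(f"template references disallowed fields: {sorted(bad)}")
    # Pass only allowlisted keys so stray record fields can never leak through.
    safe = {k: v for k, v in appt.items() if k in ALLOWED_FIELDS}
    if use_initials and "provider" in safe:
        safe["provider"] = " ".join(w[0] + "." for w in safe["provider"].split())
    return template.format(**safe)
```

Running `disallowed_fields` on every saved template, and rendering only from the filtered dictionary, means a later edit that adds a `{notes}` placeholder fails closed instead of reaching the patient's phone.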
Complying With Patients' Wishes
With HIPAA appointment reminders, healthcare providers are required to comply with reasonable requests regarding the format of the reminders. For example, if a patient wishes to opt out of receiving text messages the patient can request another type of reminder. The healthcare office is not required to make a phone call or send a text message reminder if this is not a service provided by the office to other patients. However, the healthcare office will need to cease sending reminders if a patient makes the request to do so.
Choosing a HIPAA Appointment Reminder provider
HIPAA appointment reminders serve an important purpose for the healthcare office as well as for the patient. Medical service providers may consider setting up service with an appointment reminder service provider if they do not currently do so. Apptoto is a highly cost-effective and convenient option to consider, and is designed to be HIPAA-compliant. Medical offices may also ask patients to state their preference regarding a type of reminder or to opt in to receive appointment reminders, and the appointment reminder service provider can work with the medical office to set this up effectively.
Apptoto's HIPAA compliance program
In order for a service provider to be fully HIPAA compliant they must adhere to HIPAA's Privacy Rule, HIPAA's Security Rule, and be willing to sign a Business Associates Agreement (BAA).
Our HIPAA compliance program does all three by providing:
- Account stored and run on HITRUST Certified servers for HIPAA Compliance (provided by Armor)
- All sensitive "at rest" data encrypted
- All sensitive "in transit" data encrypted (this does not include SMS and Email messages sent)
- Logging disabled on server
- SSL used for all communication
- Account disabled after 6 failed attempts
- Courtesy compliance review of message content
- Only Apptoto personnel trained in HIPAA compliance (via Accountable) and having undergone background checks will have access to your account
- Signed Business Associates Agreement (Group plan and higher)
In order to use our HIPAA compliance program, you must sign up for a free account, and then subscribe to one of our plans that includes HIPAA compliance. If you are on a Group plan or higher, you can then request a signed BAA by sending your company's official name, HIPAA compliance officer, and address to firstname.lastname@example.org.