Is SMS HIPAA compliant?

Yes, but there are special considerations:


Organizations that are required to comply with HIPAA may use SMS to send messages that do not contain PHI (Protected Health Information) to their clients. SMS messages containing PHI are not HIPAA compliant.


Why are SMS messages containing PHI not HIPAA compliant?


While Talkroute provides the proper security to send an SMS message containing PHI, that message is delivered to the client’s personal phone, which is outside of our network and in most cases does not have the appropriate security to receive it.


In summary, even though you are sending the message through our secure network, the end user’s network is likely not secured and therefore is not HIPAA compliant.


How can I send PHI with SMS and still comply with HIPAA?


The most common practice is to use SMS as a notification tool to alert the client that they have a new message from your organization. For example, you may choose to send an SMS message containing a link to a third-party HIPAA secure portal that the user can access to view any new messages containing PHI. This would ensure a secure connection on the user's end and avoid any potential HIPAA violations.
