Patient Texting with HIPAA-Compliant Custom Software

by Cristos Lianides-Chin - Platform Architect

Medical practices of all sizes often have a Patient Management System (PMS) or other Electronic Health Records (EHR) database, but existing platforms don’t always make it easy to keep in touch with patients. Custom software can fill this gap by providing a custom, HIPAA-compliant module to handle patient texting from your office, all while leaving your existing EHR or PMS in place. 

The benefits of integrating text messaging with your Patient Management System or Electronic Health Records database have been well-studied, but regulatory and technical challenges prevent many practices from using patient texting. Codence has the proven technical, regulatory, and consulting experience to make this process easy & friction-free. 

Benefits of Text Messaging with Patients 

The medical community has widely studied the benefits of using mobile text messaging (SMS/MMS) to communicate with patients. A 2021 study by the Veterans Health Administration found that an automated texting system was “a welcome complement to education provided during in-person visits” and that it was useful for “supporting simple (e.g., 1-way education and motivation), complicated (e.g., 2-way appointment and lab reminders), and complex (e.g., procedure preparation) messaging.”  

More broadly, a 2018 literature review of 162 published articles found that “text messages appear to be an effective reminder mechanism to promote improved patient appointment and medical compliance.” That study also found that “clinics report[ed] major financial savings after implementing an automated SMS-reminder system, and attribute[d] the savings to the relative inexpensiveness of SMS reminders and the decrease rate of missed appointments.” 

Is your practice not using text messaging because of concerns about the cost/benefit ratio? You might be surprised at how seamlessly and economically it can be added to your existing systems. Contact Codence to learn more! 

Challenges to Patient Texting 

Although there are well-documented benefits to communicating with patients via text messaging, there are also good reasons that many practices aren’t always using it. The barriers are usually either regulatory or technical in nature. 

Regulatory Challenges 

Both the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Telephone Consumer Protection Act (TCPA) provide regulatory requirements around patient texting. HIPAA compliance is managed by following the US Department of Health & Human Services’ Security and Privacy rules. Under the Security rule, practices must ensure the confidentiality of all electronic protected health information (ePHI), including protecting against anticipated threats. Meanwhile, the Privacy rule requires that practices and their business associates may not disclose a patient’s ePHI.  

The Telephone Consumer Protection Act (TCPA) covers multiple forms of communication, including both phone calls and text messaging. It requires that organizations must have a consumer’s consent to send text messages to them, and that they must include an opt-out mechanism. These requirements were further strengthened in 2019’s Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. 

Fortunately, there are a few simple steps that a custom application can take to allow you to comply with the regulatory requirements around HIPAA, TCPA, and TRACED. A custom application (that works alongside your PMS/EHR) can:

  1. make it easy for your office staff and for patients themselves to manage opt-in/opt-out status. 
  2. verify the patient’s contact information based on the data in your central EHR. 
  3. provide a pre-defined set of messages that have been carefully reviewed to comply with HIPAA’s Privacy rule and the TCPA & TRACED Acts. 

Technical Challenges 

HIPAA’s Security rule requires medical providers to ensure the confidentiality of all electronic protected health information (ePHI). The provisions of the TCPA also strongly encourage your text messaging solution to integrate with your Electronic Health Records system, so that patient contact information is up to date — all while still providing for easy opt-in/opt-out mechanisms.  

Claris’s FileMaker platform provides many out-of-the-box features that address the HIPAA Security Rule’s requirements, such as encryption-in-transit, encryption-at-rest, automated log-off, and more. Using FileMaker as the basis for a companion application, alongside your EHR or PMS, can give you a significant head start on any custom application. New improvements in FileMaker 19 and later versions also make it easier than ever before to integrate with PMS or EHR back-end databases, as well as with cloud-to-SMS tools to contact patients.  

It is important to review all the components of your technology stack to ensure that adequate security measures are in place and that no ePHI is being inadvertently exposed. An experienced custom application partner like Codence can help make sure that every detail is covered, and you can be confident your system stays compliant. 

Working With a Custom Software Developer 

It is essential for every organization to have software that is consistent, reliable, and which makes things easier. This is exactly why building a custom application that works alongside your EHR or PMS can be the right step for your practice. By adding features that support text messaging, without needing to significantly customize your EHR or change systems altogether, you can obtain all the benefits of increased patient communication while minimizing the risks. 

By building your custom software with a partner like Codence, you have the confidence of being backed by a team of top-notch developers who know the technology inside & out. We work closely with your team to really understand what problems you’re solving and how the right app can make all the difference. 

Subscribe to get the latest in your inbox.

This field is for validation purposes and should be left unchanged.

Leave a comment

Your email address will not be published. Required fields are marked *

Your email address will not be published. Required fields are marked *

Built with you in mind

Speak to one of our expert consultants about making sense of your data today. During
this free consultation, we'll address your questions, learn more about your business, and
make some immediate recommendations.


Stay in touch!

This field is for validation purposes and should be left unchanged.