Texting with patients requires you to follow HIPAA, TCPA, FCC and FTC laws, and more.
In 1991, the Federal Communications Commission established a national do-not-call registry, part of the Telephone Consumer Protection Act. With technology improvements and the change in the channels we use to communicate, the FCC modified the act to include SMS/text messaging. Those regulations mean organizations must receive written consent from individuals prior to sending any text messages to them. The biggest driving force for the law is to protect consumers who are not on unlimited texting plans. No business is allowed to run up a consumer's bill unless it has express written consent. Rhinogram meets all of the TCPA requirements.
In 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act into law. HIPAA protects the security and privacy of patient health information. Technology was advancing, so the law was created to focus on how patients were taken care of, and that continues to be the case today.
Provider responsibility when texting with patients:
- You must obtain separate consents to text with your patient. These consents must be clear to the patient. Appointment reminders are exempt from opt-in consent, but not opt-out.
- You need a consent to begin exchanging ePHI with the patient. This consent covers all things clinical and connects the parties that have also been listed for sharing information.
- Separate individual consents are needed for billing, reviews, surveys, marketing, etc.
- If you create a text campaign, and it’s being sent to a large number of people, the consent must be written and clearly understood.
- You must give your patients the option to opt out, and once they do, you can't send them any more text messages.
- Violations are enforced by the FCC, and you can face fines of up to more than $18,000 per violation. Consent and opt-out management are where the majority of the fines occur.
- Once a patient gives you data, you must compliantly protect it.
This entails encryption, security auditing, penetration testing, logging with timestamps, auto-logout settings, data traceability by user, and much, much more.
Rhinogram checks all of those boxes for you.
In just a few clicks, you’re protected, seriously.
- Tracks and maintains full patient consent records with built-in features to stay up-to-date and prepared for audits.
- Obtain consent through Rhinogram’s consent authorization templates. We already wrote it out for you!
- Document the patient’s decision with Rhinogram.
- All Rhinogram users have unlimited access to RhinoSecure, a messaging channel that protects patient information with 256-bit AES encryption for those patients who don't give you SMS/MMS consent.
- All communication, text and images, is part of the patient communication record, is permanently stored and cannot be edited.
- Rhinogram regularly performs penetration testing and security auditing to ensure compliance.
Rhinogram is also ONC certified. That means we are deemed a trusted vendor by the government, with enterprise-level support.
The Office of the National Coordinator for Health Information Technology establishes standards EHR programs must meet to become certified. It was established under the Public Health Service Act and allows providers and patients to feel secure with how their health information is stored and used.
When it comes to government regulations surrounding TCPA, HIPAA, FTC, FCC and ONC certification, Rhinogram has you covered.