Everything you need to know about HIPAA compliant texting

Waiting rooms have changed drastically over the years. Magazines have gone from a must-have to mostly being unread.

Smartphones and mobile devices have made them mostly a thing of the past. Even TVs often get ignored in favor of scrolling through a newsfeed.

With mobile devices playing such an important role in everyone's daily life, it makes sense to take advantage of that to improve patient care and engagement.

So the biggest question when it comes to text messaging is often...


In 2015, the FCC issued a ruling to clarify the ability of healthcare organizations to text their patients.

According to this ruling, if a patient provides a phone number to a healthcare provider, that constitutes express consent that the provider can send text messages to the patient (subject to certain HIPAA restrictions).

This means that you don’t need patients to fill out a separate form providing specific consent to text them.

If you have their cell phone number, you are allowed to text them regarding:

  • Appointments and reminders
  • Pre-operative instructions
  • Post-discharge follow-up calls
  • Lab test results
  • Notifications about prescriptions
  • Home healthcare instructions
  • Pre-registration instructions

But that doesn't mean you can pick up your cell phone, use any messaging solution, and start sending texts.


When text messaging with patients, you must abide by HIPAA guidelines and only send secure messages.

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects a patient’s medical records and other protected health information (PHI).

HIPAA includes a Privacy Rule that regulates how covered entities (doctors, insurance companies, healthcare technology companies) can use and disclose certain individually identifiable health information. This information can be in paper or electronic form, and it must be protected by covered entities.

PHI is any health information that can be tied to an individual. Examples include documents like insurance documents, lab results, and healthcare bills that include health information AND personal identification of who the information belongs to.

If you are using a cellphone to send PHI to other healthcare organizations or to the patient, and are not using a secure text messaging platform, then you are violating HIPAA regulations.

Using the standard SMS app on a cellphone to send patient information will hurt your HIPAA compliance.

However, you can use secure messaging solutions, such as Curogram, that enable you to send secure texts and messages to patients and other providers from your desktop or mobile device.

HIPAA-compliant applications encrypt messages both at rest and in transit. Text messages that contain PHI need extra encryption to meet HIPAA regulations.



HIPAA compliant texting for medical professionals is critical because PATIENTS WANT IT!

In fact, 3 out of 4 patients prefer texting to emails and phone calls.

Here’s why:

  • 90% of text messages are read within 3 minutes
  • Only 60% of emails are read within 24 hours
  • 90% of incoming calls from unknown numbers are ignored, and 20% of voicemails are never heard

HIPAA compliant text messaging is invaluable for any medical office that wants to increase their revenue and improve their workflows.

Secure texting can reduce your staff's time spent on the phone by 50% or more. And as we all know, the time your staff spends on the phone takes them away from other tasks and wastes their valuable time.

The average phone call consumes 2 minutes of your staff’s time, while responding to a text message can be done in less than 10 seconds!

Imagine being able to cut down no-shows by more than 50% - that alone is worth the effort of implementing a HIPAA compliant messaging solution.


Be careful when selecting a texting or messaging application for your practice.

According to the American Medical Association, basic HIPAA violations can result in fines of up to $50,000 and up to 1 year in prison. HIPAA fines have been increasing over the years, and in 2018, a record $28.7MM in fines were issued.

Be aware that many free texting or messaging apps, like Google Voice and WhatsApp, are not HIPAA compliant.

Be sure the platform you pick will sign a Business Associate Agreement that covers protection for the message in transit from their solution to your patient's phone.

Stay away from using consumer messaging apps such as WhatsApp, Facebook Messenger, Skype, and Telegram.



So how do you sort through all the options to find the best HIPAA compliant messaging app?

First, decide if you want to send secure text messages to patients, internally between your staff, or both.

Some applications are only designed to send appointment reminders and other basic text messages to patients, but they don’t offer encrypted HIPAA-compliant texting for PHI or internal staff messaging features.

Other applications are meant to be used primarily for staff-to-staff messaging and do not offer robust office-to-patient communication functionality.

Curogram is designed to be an “all-in-one” communication app that allows:

  1. Real-time and scheduled secure texting with patients for reminders and scheduling coordination
  2. Encrypted messaging for messages with PHI
  3. Secure messaging for internal staff and inter-office messaging.
Curogram offers

For Patient texting, Curogram offers the most advanced HIPAA-compliant texting solution on the market that integrates with any EMR.

Users can fully customize multiple automated outbound reminder and survey messages, create template responses for frequently asked questions, enable online appointment booking, and send encrypted PHI messages and documents - all from the same easy-to-use interface.

For Staff-to-Staff messaging, Curogram offers desktop, iOS and Android applications that enable intra-office and inter-office messaging.

With inter-office messaging and scheduling sharing, the platform can be a great tool for clinically integrated networks to coordinate patient referrals and reduce patient leakage.

Both desktop and mobile applications allow users to see staff and patient messages in the same interface.

For Staff-to-Staff internal messaging, Curogram even offers a free service for smaller accounts of fewer than 10 users.

If you are interested in starting a trial or learning how Curogram can add $80,000/year per doctor to your bottom line, click here.