Patient Messaging Systems
By Wade Emmert
I recently worked with a health care client who uses a third-party messaging system to communicate with patients—sending appointment reminders, online forms, educational materials, and even marketing campaigns.
While convenient, these systems can be *a privacy minefield* if not handled properly. Here’s why:
❌ Text messages are not encrypted in transit — they can be intercepted.
❌ Messages aren’t protected at rest — anyone with access to a phone or email can read them.
❌ No authentication — you can’t be sure the intended recipient is the one reading the message.
If you’re using a messaging system with patients, you need safeguards in place. Here are three key steps:
✅ Get patient consent before sending messages via text or email.
✅ Avoid including PHI (Protected Health Information) — instead, send a secure link where patients can log in to view details.
✅ Have a Business Associate Agreement (BAA) with your vendor to ensure they follow industry-standard privacy and security protections.
If you have questions, drop a comment below or email me at wade@texashealthlaw.com.
By Wade Emmert
I recently worked with a health care client who uses a third-party messaging system to communicate with patients—sending appointment reminders, online forms, educational materials, and even marketing campaigns.
While convenient, these systems can be *a privacy minefield* if not handled properly. Here’s why:
❌ Text messages are not encrypted in transit — they can be intercepted.
❌ Messages aren’t protected at rest — anyone with access to a phone or email can read them.
❌ No authentication — you can’t be sure the intended recipient is the one reading the message. If you’re using a messaging system with patients, you need safeguards in place. Here are three key steps:
✅ Get patient consent before sending messages via text or email.
✅ Avoid including PHI (Protected Health Information) — instead, send a secure link where patients can log in to view details.
✅ Have a Business Associate Agreement (BAA) with your vendor to ensure they follow industry-standard privacy and security protections.
If you have questions, drop a comment below or email me at wade@texashealthlaw.com.