Text or Email: Does it Fit in Healthcare?

office-620822_640Communication by text or email is a part of daily life. Such forms of communication occur non-stop and through a variety of means whether it be Gmail, WhatsApp, iMessage, or any other number of services. However, the question that arises just as frequently is whether texting and/or email are appropriate in healthcare. The simple answer is yes, texting and email fit very well into healthcare and are very much permissible.

However, staying at the level of the simple answer is not sufficient. It is necessary to dive deeper and determine just how text and email communication can be done. Answering the more nuanced question largely depends upon the purpose of the communication. The purpose can be broken into two primary categories: marketing or provision of information. As would be expected, marketing communications create more concern and require attention to a wider array of regulatory requirements.

Regardless of the purpose of the communication, HIPAA is a driving force behind what a healthcare provider or entity can do when it comes to texting and emailing. Hopefully it is well known, but the HIPAA Privacy and Security Rules influence what communication tools can be used. If the healthcare entity is initiating the communication, then any such communication must carefully adhere to privacy and security requirements. Since any communication tool will most likely not just transmit but store the data sent, the communication tool will be considered a business associate and all attendant requirements (implementing a Business Associate Agreement) apply. However, if a patient requests that a provider send a record or other communication by email, then some of those concerns may be reduced. No matter who starts the communication though, HIPAA must be considered.

The other side to HIPAA is whether marketing communications are allowed. As a general matter, pretty much all marketing requires patient authorization under HIPAA. There are some forms of communication that do not require authorization, but those exceptions are not very broad.

The discussion in the preceding paragraphs is only a taste of how HIPAA impacts the use of texting and email. That being said, the key takeaway is that texting and emailing can occur. It may not be a publicly available tool like Gmail that can be used, but there are options. Such an approach helps to dispel the common misconception that HIPAA prohibits or otherwise prevents the use of texting or email.

While HIPAA is clearly a healthcare-specific law, any entity or organization seeking to text or email an individual must consider other laws as well. Foremost among those laws are the Telephone Consumer Protection ACT (“TCPA”) for texting and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) for email. These laws may not be readily known to healthcare entities, but lack of awareness is no defense to a violation.

TCPA is designed to protect privacy interests when it comes to phone-based communications, whether texting or phone calls. TCPA sets parameters as to how individuals can be contacted by companies. Obtaining consent to communicate by phone or text will generally solve potential issues under TCPA, but it is not always clear whether such consent has been provided. Many entities will also collect phone numbers without including consent to communication and then want to implement outreach by phone or text afterwards. When seeking to use already collected information, going back to get consent is not high on the list of priorities. Healthcare benefits from some relief in that regard. Communications for treatment purposes are exempted from the consent requirement. Before celebrating and thinking that all healthcare communications are treatment related, guidance around the exemption spells out what constitutes treatment. Further, there appears to be a requirement that any communication cannot result in a charge to the individual. Before sending a text, it is necessary to consider whether that will charge the individual or not. That question could be hard to answer. Again, like HIPAA, TCPA does not prohibit texting, it forces an organization to slow down and plan.

CAN-SPAM, as indicated, focuses upon email advertising. Generally, CAN-SPAM covers all commercial messages where the primary purpose is advertisement or promotion. As the acronym of the act implies, it is meant to help reduce the number of emails that we all receive. To avoid issues, seven principles have been laid out to flag an email as an advertisement or promotion: (1) make the header accurate and not false or misleading, (2) do not use deceptive subject lines, (3) identify the email as an advertisement, (4) tell rcipients where the sender is located, (5) tell recipients how to opt out of future emails, (6) promptly honor all opt out requests, and (7) monitor activities of vendors that may act on your behalf. Additionally, question what the “primary purpose” of the email is. CAN-SPAM only applies if it is advertisement or promotion. If a transactional or relationship is the primary purpose, then CAN-SPAM does not apply. Unlike TCPA, there are no exceptions or carve-outs for healthcare. Instead, healthcare must comply like all other industries.

The above are some general considerations when it comes to text and email communication in healthcare. If you want to join a more in-depth conversation, sign up for a webinar that I will lead on Wednesday, November 15th at Noon EST through Physician Practice. Sign up is available here: http://bit.ly/2yvKMv8.


About Matt Fisher

Matt is the chair of Mirick O'Connell's Health Law Group and a partner in the firm's Business Group. Matt focuses his practice on health law and all areas of corporate transactions. Matt's health law practice includes advising clients with regulatory, fraud, abuse, and compliance issues. With regard to regulatory matters, Matt advises clients to ensure that contracts, agreements and other business arrangements meet both federal and state statutory and regulatory requirements. Matt's regulatory advice focuses on complying with requirements of the Stark Law, Anti-Kickback Statute, fraud and abuse regulations, licensing requirements and HIPAA. Matt also advises clients on compliance policies to develop appropriate monitoring and oversight of operations.
This entry was posted in Business, Compliance, Health IT, HIPAA, Regulations and tagged , , , , . Bookmark the permalink.

One Response to Text or Email: Does it Fit in Healthcare?

  1. Pingback: Text or Email: Does it Fit in Healthcare? - HITECH Answers: Meaningful Use, EHR, HIPAA News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s