What are the rules for emails and texting with health information?

Information is power. And with the increased ease of transferring and sharing information, there needed to be set protocols on sharing sensitive and personal information on patient health. The US Department of Health and Human Services sought to close and remove such loopholes through the provision of set guidelines. The rules of sharing and controlling health information changed after the implementation of the HIPAA and text messaging suddenly couldn’t disclose some information about a patient.

The question is: What can a medical/ health associated administrative share or disclose about a patient? What are the guidelines that protect the privacy of people? What are the rules for texting health information?

Just keep scrolling.


The Health Insurance Portability and Accountability Act is legislation that seeks to protect confidential information on patients. Through the Department of Health and Human Services, the Secretary sort to establish requirements and national standards that would protect how health information is transferred, especially in electronic form. The Act applies to any health care provider who uses and transmits electronic health information.  It also encompasses business associates who might be under contract and could be making use of said information.

HIPPA rules

Communicating through unsecured channels

You always hear scary stories about data breaches and hacking almost on a daily basis. HIPPA requires that the sharing of a patient’s personal information should only be done through secured channels. If a prospective client communicates to a medical practitioner through any unsecured electronic media (which could involve texting or media), the health officer is required to communicate the risk. The responsibility of the medical practitioner is to obtain authorization with regard to the sharing of personal information on such media.

Use of encryption

To properly secure the contents of your email, health practitioners are asked to use HIPAA compliant messaging services. Such service providers recognize the guidelines provided within the Act and ensure that the same quality is ensured in the encryptions. Both ends of the conversation are protected.

If the patient for one reason or another seeks to obtain information in another way, they must make an official request and also be made aware of the risks associated.

Nearly the same standards of information apply when communicating personal health information with third parties. Communication should only be done across encrypted or secure channels. However, the third party cannot elect to communicate via unsecured channels like a patient. First, they are not the owner of the information and neither are they the custodian, who in this case is the medical practitioner. Relevant standards must be followed strictly when communicating either with your patient or business partner.

Use of direct patient identifiers

When communicating, HIPAA regulates that a patient’s name, medical record number or other identifiers should not be used in the message content. Other information not to be used: phone numbers, fax numbers, account numbers, vehicle identifiers, social security numbers among others.