Question: We have one of those text and email appointment-reminder systems in place. And in our Notice of Privacy Practices (NPP), it does say that is how we communicate reminders to our patients. Do we still need to get their individual approval to communicate that way? Or since they’ve signed our acknowledgement of NPP receipt, are we okay?
Answer: In the past, your NPP always had to include something saying that you might use the patient’s health information for contacting him for appointment reminders and other similar things, notes Jim Sheldon-Dean, HIPAA expert and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT. But now the requirement to include that particular item in the NPP no longer exists.
So you don’t necessarily have to say this in your NPP, Sheldon-Dean says. “At the same time, now people are using systems like your texting and email system for communicating.” This is the kind of issue “where I haven’t seen particular guidance from Health and Human Services that says that this is okay without having had to ask for permission,” he adds.
Best bet: “So I would suggest that it’s a good idea for you to secure that permission” as a sort of extra safeguard against a HIPAA problem, Sheldon-Dean offers. Start working on a process for obtaining permission as you contact patients. Before the next time you contact patients, ask them if it’s okay to contact them by email and have that discussion.
“I think you need to start working that in because I haven’t seen a specific guidance that would say it’s okay to have those kinds of communications without having gotten permission,” Sheldon-Dean cautions. Just signing your NPP doesn’t necessarily give you permission to go forward with using a text and email system for communicating with patients — the NPP just lets patients know what your practices are.