Chatbots & HIPAA-Compliant Texting

by Anthony Y.

More and more healthcare businesses are taking advantage of digital services, but with so many new technologies out there, it is best to keep things simple while providing access to as many patients as possible. With 96% of text messages being read within 3 minutes, utilizing HIPAA-Compliant texting can minimize no-show appointments, improve engagement between provider and patients, and even provide more effective post-procedure instructions—all while saving your practice time.

Is Text HIPAA-Compliant

As SMS is handled by native apps on most phones, it is generally not going to be HIPAA-Compliant. Scheduling, general information, and non-sensitive information can be sent through text, but when Protected Health Information (PHI) needs to be sent, SMS is not considered HIPAA-Compliant.

Aside from using SMS for reminders and general business information, it is generally safer to prohibit texting because of the potential security risks. There are uncontrollable risks of patients accidentally providing PHI through SMS, losing their phone, and more, but because they may not have knowledge regarding HIPAA compliance, what happens after these scenarios may cause problems. 

The other elements of HIPAA compliance, like the need for encryption, access, and audit controls, do not exist in native SMS apps. HIPAA necessitates that accessing, creating, modifying, sharing, or deleting PHI needs to be recorded, enforcing audit controls for texting is not possible yet because it is not a priority for SMS developers. Service carriers can technically also intercept messages since they are not encrypted, but overall there are many vulnerabilities associated with SMS.

This is why with SmartBot360, we focus on HIPAA compliance and adapted our chatbot to work with SMS apps as well. SmartBot360’s AI detects potential compliance issues, or if the chatbot is asking a question that may require the patient to enter PHI, it sends a secure link that requests them to continue the conversation and input their health information there.

Things to do with HIPAA-Compliant texting

While it is standard to follow-up with calls or email, SMS has mostly been the channel that gets the most impressions even when they do not reply. Everyone at least sees a text on their phone, whereas someone not picking up a call or going over their email may miss it.

Because SMS recipients see the general gist of the message before swiping to delete the notification, reminders for appointments are rather effective as patients can be notified a day before their appointment, and if something new came up, they can simply reply to cancel it so that the provider can save time and fill in the spot with another appointment. 

Providers can also schedule chatbots to follow up with patients after their visit to request a review, and with SmartBot360’s chatbot SMS follow-up, it can route positive reviews to the Yelp/Google page and route negative reviews directly to staff so that issues can be directly resolved without having a patient leave a negative review.

Pre-visit planning can also be handled with HIPAA-compliant texting. Prior to their in person visit, the chatbot can be scheduled to send pre-visit planning forms so that the patient can fill it out and save more time during the actual check-up instead of filling out forms at the office. It also provides a quicker way for doctors to glance over all their information so they can dive deeper into the potential symptoms and solutions.

There are many ways to use HIPAA-Compliant texting for your organization, and with SmartBot360, it can be customized to handle simple tasks or complex tasks depending on your organization’s texting goals.