HIPAA is complex. It was designed to not only protect patients and their health information, but also to protect healthcare organizations and to help them control costs. According to the U.S. Department of Health & Human Services, “appointment reminders are considered part of treatment of an individual and, therefore, can be made without authorization.”
However, like the American Medical Association says, “Yes. The Privacy Rules allow a physician to communicate with patients, including communications to the patient’s home. When making these types of communications, however, the physician should take precautions to safeguard the patient’s privacy.”
There are several things to keep in mind when launching an automated appointment reminder solution to ensure you and your patients are as protected as possible.
Please keep in mind that we are not lawyers and cannot give official legal advice on this matter. For legal advice we recommend you reach out to an attorney.
Tips for protecting yourself and your patients:
- Outline in your NPP (Notice of Privacy Practices) that you send appointment reminders including the type of messages you send (email, voice (explicitly mention that you leave voicemails), text and/or postcards)
- Have patients verify their contact information regularly
- Ask for additional opt-ins when possible, especially for text
- Leave out condition specific appointment types. Be generic. Annual appointment types (well woman exams etc.) are OK
- When leaving a message for a referred patient (that is not already your patient), make sure that the referring practice has the type of outreach you’re performing in their NPP for example email, voice and text
- Give patients the option for a preferred method of contact, or at the least, the ability to opt- out of specific outreach methods (this can be included on your intake form, and/or directly in the sent messages). Moving forward, respect these preferences
- If you’re sending messages about a “new service” or a “new provider” make sure these are also outlined in your NPP
Content for HIPAA Compliant Appointment Reminders:
When sending appointment reminders it is best to keep things generic and avoid being too specific in your communications. Be mindful that messages can be received by the wrong person and that practice names can infer types of appointments/conditions for example “Radiology Clinic.” Generic reminders include:
- Appointment date and time
- Provider name
- Location of the appointment
PatientPrompt’s HIPAA compliance program:
As a Business Associate for Covered Entities, we apply the administrative, physical and technical safeguards to ensure the privacy, confidentiality and security of your data. Learn more about our security policies and certifications here.
Check out our FAQ document answered by David Harlow of The Harlow Group, following the webinar.
Check out these helpful resources on HIPAA and appointment reminders:
The American Medical Association’s FAQs on HIPAA
The U.S. Department of Health & Human Services FAQs on HIPAA and Marketing
The U.S. Department of Health & Human Services FAQs on HIPAA and Appointment Reminders