Permissible Texting In Healthcare. Is It Ok?


Easy to follow guidelines for using text messaging in healthcare environments

Text messaging, also referred to as “texting” or “SMS” (Short Message Service), is a convenient means of communicating.  A recent Neilsen survey found that 56% of consumers preferred text message over voice mail1 and 67% would rather text with a business about appointments and scheduling than email.2 And why not? Texting is quick and easy. Additionally, according to Forbes 95% of texts from businesses are read within 3 minutes.3

As much as healthcare providers may want to capitalize on consumers' preferences for text messaging, they must do so with caution. Before sending texts in a healthcare setting, there are some key questions to answer first:

  • When can texts be sent?
  • Are texts treated the same as voice mails?
  • Is the patient’s permission needed to text them?
  • What information can be included in texts?

“Heavily REGUL8D”

As with other aspects of healthcare, the use of text messaging by healthcare providers/organizations is subject to tight regulation. And not by just one regulatory body, either. The Federal Telephone Consumer Protection Act (TCPA), Centers for Medicare and Medicaid Services (CMS) and The Joint Commission (TJC) have each established their own criteria around permissible uses of texting in various healthcare settings. For example, the TCPA (enacted in 1991) initially protected consumers from unsolicited robocalls, fax messages and automatic dialers. Today, the TCPA has been updated to regulate mobile phone communications and text messaging as well. As a result, under the TCPA, a healthcare provider/organization must obtain prior express consent before calling, faxing or texting an individual, unless one of the healthcare exceptions applies.

In 2015, the Federal Communications Commission (FCC) created several narrow exceptions to the TCPA’s consent requirement. Specifically, the FCC permitted healthcare providers to send prerecorded voice messages related to an “urgent” healthcare treatment purpose (as defined under The Health Insurance Portability and Accountability Act of 1996 (HIPAA)) to land lines, without receiving prior consent.

The FCC subsequently expanded these exceptions to include messages sent to wireless devices and mobile phones. The exceptions apply to messages concerning:

  • Appointments and exams
  • Confirmations and reminders
  • Wellness checkups
  • Hospital pre-registration instructions
  • Pre-operative instructions
  • Lab results
  • Post-discharge follow-up intended to prevent readmission
  • Prescription notifications
  • Home healthcare instructions

The exceptions do not, however, apply to calls concerning:

  • Telemarketing
  • Solicitation
  • Advertising content
  • Accounting, billing, debt collection, or other financial content

Further complicating matters, the FCC placed several conditions on the excepted communications, including the following:

  • Patients may not incur charges for the message, i.e., messages cannot count toward the patient’s text/minute allowances, or other plan limits
  • Messages may only be sent to wireless telephone numbers provided by the patient
  • Messages must state the name and contact information of the healthcare provider (for voice calls, these disclosures must be made at the beginning of the call)
  • Messages cannot include telemarketing, solicitation, or advertising content, and cannot include accounting, billing, debt-collection, or other financial information
  • Messages must comply with HIPAA privacy rules
  • Text messages may not exceed 160 characters
  • Only one message (either voice call or text message) may be left per day, and no more than three voice calls/text messages may be left per week
  • Each message (voice and text) must provide an easy means to opt out of future messages
  • Text messages must inform patients that they can choose to opt out by replying “STOP,” which is the sole means by which patients may opt out of such messages
  • A healthcare provider must honor opt-out requests immediately

The complexity of these regulations makes clear the importance of exercising caution when sending text messages in a healthcare setting.

To add yet another layer of complexity, while the TCPA permits texting for some healthcare related activities, both TJC and CMS expressly prohibit texting of patient care orders. Specifically, TJC stated in 2011 that it was not acceptable for physicians or other licensed independent practitioners to text orders for patient care, treatment or services to hospitals or other healthcare settings. In May 2016, TJC announced that healthcare providers were allowed to text patient care orders as long as specific security requirements were in place.

Subsequently, however, TJC in conjunction with CMS, rescinded this approval because there were lingering concerns about transmitting text orders even when using a secure text messaging system. Additionally, they were concerned that permitting the texting of patient orders could increase the burden on nurses who would have to subsequently enter those text orders into the patient’s electronic health record (EHR). The regulators also worried that texting patient orders would not allow for the real-time confirmation of the order, among other safety concerns.

In 2017, CMS further clarified its position regarding permitted text messaging of patient information by providers, stating:4

  • Texting patient information among members of the healthcare team is permissible if a secure platform is used
  • Texting patient orders is prohibited regardless of the platform used
  • Computerized Provider Order Entry (CPOE) is the preferred method for entering patient orders

While TJC and CMS continue to prohibit the texting of patient care orders, the TCPA does permit texting patient information under certain conditions, as described above.

"The complexity of these regulations makes clear the importance of exercising caution when sending text messages in a healthcare setting."

Failure to comply = No maximum cap

Failure to comply with these regulations can mean steep fines. TCPA violations result in strict liability, meaning that the caller/sender is liable even if not at fault. Specifically, violations of the TCPA carry damages of up to $500/call or message and up to $1500 if the violation was knowing or willful. There is no maximum cap on damages, which can result in significant exposure in class action litigation.

Recently, the United States Second Circuit Court of Appeals reaffirmed the TCPA’s “healthcare messages” exception.5 Specifically, the Court held that a pharmacy’s flu shot reminder calls fell within the TCPA “healthcare message” exception and did not require express consent, even though it contained a marketing component. Thus, the pharmacy was not liable for the $500-$1500/call statutory damages. The Second Circuit warned though, that marketing calls purporting to be “healthcare” messages may not always fall within TCPA’s exceptions, depending on the specific circumstances. The wording of this ruling suggests healthcare providers must take care to ensure any text messaging falls clearly within the exceptions.

So. What should organizations do?

Given the potential for significant exposure and financial repercussions, healthcare organizations should be proactive and look closely at how, when and who sends voice and/or text communications to patients. In particular, the organization should review:

  • Processes for obtaining consent
  • Current records of patient consent
  • Methods and vendors used to contact patients
  • Policies and procedures regarding how phone numbers are collected, calls/texts are logged, and “opt outs” processed
  • Training regarding permissible content

Talk to us

Contact Lexington Healthcare Risk Management ( with any questions about communicating with patients via text.

Neilsen in

2 State of Texting Report, 2019 in

Forbes in

CMS, Center for Clinical Standards and Quality/Survey & Certification Group, “Texting of Patient Information among Healthcare Providers” (12/28/2017)

5 Zani v. Rite Aid Hdqtrs. Corp ., 17-1230 -cv (Feb. 21, 2018)

The information, suggestions and recommendations contained herein are for general informational purposes only. This information has been compiled from sources believed to be reliable. Risk Consulting Services do not address every possible loss potential, law, rule, regulation, practice or procedure. No warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any such service. Reliance upon, or compliance with, any report in no way guarantees any result, including without limitation the fulfillment of your obligations under your insurance policy or as may otherwise be required by any laws, rules or regulations. No responsibility is assumed for the discovery and/or elimination of any hazards that could cause accidents, injury or damage. The information contained herein should not be construed as financial, accounting, tax, medical or legal advice and does not create an attorney-client relationship

Enter Keyword